VPN Remote Access CRLs

NemanjaPoprzen
Level 1

Hi,

Suppose I configure IPSec VPN with certificate authentication for the Cisco VPN client (during IKE phase 1).

The Cisco ASA is also configured with certificates from the same CA server, and I am able to download the CRL.

The IPSec VPN is functional.

Later, I revoke the VPN client certificate from the CA server and download the CRL to the Cisco ASA again. The VPN client is still able to connect to the Cisco ASA.

What am I doing wrong?

2 Replies

sjbdallas
Level 1

Did you check through the CA Certificate options under Certificate Management in the ASDM? There are settings there related to checking for certificate revocation, and there's a checkbox to "Consider certificate valid if revocation information cannot be retrieved". When I first set up my CA, that was on by default.

The option "Consider certificate valid if revocation information cannot be retrieved" is not selected. A restart of the CA server solved the problem :-D.

Thank you
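
For reference, an added example (not posted by anyone in this thread) of the ASA CLI counterpart to the ASDM revocation settings discussed above, plus the commands for confirming which CRL the ASA currently holds. The trustpoint name VPN-CA is a placeholder.

```text
! Permissive form: CRL is checked, but the peer certificate is accepted
! when no CRL can be retrieved (the ASDM "consider valid" checkbox).
crypto ca trustpoint VPN-CA
 revocation-check crl none

! Strict form: the peer certificate is rejected unless a CRL can be checked.
crypto ca trustpoint VPN-CA
 revocation-check crl

! After revoking a certificate on the CA, drop the cached CRL,
! fetch a new one, and inspect what was actually retrieved.
clear crypto ca crls VPN-CA
crypto ca crl request VPN-CA
show crypto ca crls
```

If the CRL shown after the request still carries an issue time from before the revocation, the CA has not published an updated CRL yet, and the ASA will keep accepting the revoked certificate regardless of the strict setting.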
