
Client to Site VPN with Certificates, CRL and User question?

Unanswered Question
Sep 12th, 2006

Hi all,


I have a customer who has a VPN3005 set up for remote access VPN based on user certificates. I have two major questions.

1. The customer says they revoke a user certificate, but that specific user still connects to the VPN box. They showed me the log file and it says the client certificate is successfully confirmed. They set up the CRL parameters on the box. Do you have any tips on this?


2. I think the user certificate confirmation and the username/password confirmation are entirely different processes, but they require that a user with certificate A should not be able to connect with user B's username and password. How can this be made possible? Any comments?

smahbub Mon, 09/18/2006 - 06:26

If your users belong to the same group from a cert standpoint, you cannot prevent them from using the other ones.

If you want to prevent this from happening you have no choice but to put every user in a different group and use group locking.
