
Client to Site VPN with Certificates CRL and User question?

Hi all,

I have a customer who has a VPN3005 set up for remote access VPN based on user certificates. I have two major questions.

1. The customer says they revoke a user certificate but that specific user still connects to the VPN box. They showed me the log file and it says the client certificate is successfully confirmed. They set up the CRL parameters on the box. Do you have any tips on this?

2. I think the user certificate confirmation and the username/password confirmation are wholly different processes, but they require that a user with an A certificate should not be able to connect with B user's username and password. How can this be made possible? Any comments?


Re: Client to Site VPN with Certificates CRL and User question?

If your users belong to the same group from a cert standpoint, you cannot prevent them from using the other ones.

If you want to prevent this from happening you have no choice but to put every user in a different group and use group locking.
