VPN Concentrator 3030 using CRLs from Windows 2000 CA Server
I have installed a couple of VPN Concentrator (3030/ OS 3.5.3) and Windows 2000 CA server with SCEP support.
I configure and created CA / Concentrators + VPN Client certificates via SCEP as per documentation and all works fine.
The last stage is to get the CRLs download via LDAP but here documentation is not so clear.
Note: I also notice the CA server need to be installed as DC (Domain controller) as otherwise they will not run LDAP Directory Service.
I have checked the CDP (CRLs Distribution Point) on the W2K CA server and left it as default for LDAP.
At the Concentrator I have modified the CRL checking to do a search on a diferent Base DN. Then I looked at the live event log, try to VPN in and even if the path have been change. The concentrator seems to be still be looking for CRL on the CDP provided by the CA Certificate???
After that you can see the concentrator fails to download the CRL.
Because of it the VPN Client is not authorised to VPN in as the Concentrator hasn't got a CRL to check against.
Then my Qs are:
1. I am missing something?
2. Does anyone have the Concentrator and W2K CA working fine via LDAP?
3. Do I need to change the CRL Distribution Points on the CA server.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...