AFAIK, it allows you to limit the use of a certain trustpoint within the ASA to a specific usage, e.g. client authentication. I wanted to test the feature and use it for a customer-implementation, but I can't - it seems the command is simply not there?!
asa(config)# crypto ca trustpoint startssl.com asa(config-ca-trustpoint)# validation-policy ^ ERROR: % Invalid input detected at '^' marker. asa(config-ca-trustpoint)#
Is there any prerequisite I'm not aware of?
By the way, the documentation here on CCO is rather inconsistant. E.g., the configuration-guide tells me to use the command "support-user-cert-validation", while the command-reference for the same version (8.2) tells me the command is deprecated!
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...