Did you ever get this solved? I've got the same problem. I can request the CRL list from our ASA (from our internal CA server) succesfully, but clients still get in even if I revoke their computer certificates.
Yes it will. We were wondering, why newly revoked certificates were still able to get in.
Then we found out that it concerned all certificates in Delta-CRL.
We switched the CA back to write full CRL and everything was fine.
This was in May 2009.
I got the following answer from Cisco:
From your problem description I understand you would like to use DELTA-CRL on the ASA. This feature is unfortunately not supported at the moment. I did not find any roadmap on this either. The alternative would be to use OCSP but I guess you already thought about it.
At this point, I would strongly suggest you to contact your local Cisco Account team. They will open a PER (Product Enhancement Request) and communicate your business impact to try to get it implemented fast.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...