I was hoping someone could help me out with this one. My VPN Concentrator has stopped retriving the CRL. I have confirmed that our CA's CRL list can be contacted from a client and i have confirmed that the CRL Distribution Point on the Concentrator is the correct address. Whenever our routers (with certificates) try to connect, the Concentrator tries to confirm the CRL by retriving it but it then says "Transaction Timed Out". Anyone any ideas on this one or any tests i can use to fault find this one ?
I have done further testing and it appears that the issue is with the GET command that the VPN Concentrator is sending through for the CRL. It is missing the FQDN ? GET /blah/blah.crl. It then sends back a (bad hostname).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...