New Member

VPN Remote Access CRLs

Hi,

Suppose I configure IPSec VPN with certificate authentication for Cisco VPN client (during IKE phase 1),

Cisco ASA is also configured with certificates from the same CA server and I am able to download CRL.

IPSec VPN is functional.

Later, I revoke VPN client certificate from CA server and I download CRL to Cisco ASA again. VPN client is still able to connect to Cisco ASA.

What am I doing wrong?

2 REPLIES
New Member

Re: VPN Remote Access CRLs

Did you check through the CA Certificate options under Certificate Management in the ASDM? There are settings there related to checking for certificate revocation and there's a checkbox to "Consider certificate valid if revocation information cannot be retrieved". When I first set up my CA, that was on by default.

New Member

Re: VPN Remote Access CRLs

Option "Consider certificate valid if revocation information cannot be retrieved" is not selected. Restart of CA server solved the problem, :-D.

Thank you
