Multi Certificate authenication with anyconnect vpn

key_tone_9926 — Fri, 13 May 2022 12:31:56 GMT

i 'Im currently setting up a anyconnect vpn using multi certificate, and finding that the CRL or OCSP is not working.

Im using a yubikey with the personal certificate on it and a device certificate form a laptop, both of these are signed by our own internal CA. using the the CRL and the OCSP url which is imbedded in the certificate. The the virtual FTD is running version 7.

What im finding is that when the any of the certificates are revoked by the CA, anyconnect still connects, when it shouldn't.

I have looked in the logs and can't tell if the FTD is doing a CRL or a OCSP check, on the certificates, when to see if they are revoked like it should be.

Any help would be greatly apreaciated to see how i would get this working.

Re: Multi Certificate authenication with anyconnect vpn

MHM Cisco World — Fri, 13 May 2022 13:02:11 GMT

can I see the any connect tunnel-group and group-policy config ?

Re: Multi Certificate authenication with anyconnect vpn

Peter Koltl — Sat, 14 May 2022 20:00:10 GMT

What is the CLI config of the trustpoint?

topic Re: Multi Certificate authenication with anyconnect vpn in Network Security

Multi Certificate authenication with anyconnect vpn

Re: Multi Certificate authenication with anyconnect vpn

Re: Multi Certificate authenication with anyconnect vpn