03-15-2016 10:22 AM - edited 03-12-2019 12:29 AM
What is the maximum CRL size an ASA can support? When configuring VPN for certificate authentication, I'd like to do CRL checking, but I've heard from another customer that they hit an issue with CRLs above a few MBs.
Searching, the ONLY thing I've been able to find is a 7 year old post saying; Max 65534 entries, max size 4M
https://supportforums.cisco.com/discussion/10784511/max-crl-size-cisco-asa
03-15-2016 05:26 PM
Hello
If you are getting close or above the limit, OCSP might be a smarter way than CRL.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
03-15-2016 06:20 PM
I'm really surprised by this. Is this for all versions of IOS, even newer versions can't support a larger CRL?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide