05-13-2022 05:31 AM
I'm currently setting up an AnyConnect VPN using multi certificate, and finding that the CRL or OCSP is not working.
I'm using a YubiKey with the personal certificate on it and a device certificate from a laptop; both of these are signed by our own internal CA, using the CRL and the OCSP URL which is embedded in the certificate. The virtual FTD is running version 7.
What I'm finding is that when any of the certificates are revoked by the CA, AnyConnect still connects, when it shouldn't.
I have looked in the logs and can't tell if the FTD is doing a CRL or an OCSP check on the certificates to see if they are revoked like it should be.
Any help would be greatly appreciated to see how I would get this working.
05-13-2022 06:02 AM
Can I see the AnyConnect tunnel-group and group-policy config?
05-14-2022 01:00 PM
What is the CLI config of the trustpoint?