06-06-2013 02:55 AM
Dear all,
I’ve just hit an odd problem with an ASA | PKI | VPN tunnel setup.
I tried to connect a remote ASA to a central PKI server using SCEP.
The setup looks like this:
ASA-Remote <===L2L-VPN===> ASA-Central --- PKI Server
The ASA remote has a trustpoint configured using the IP address of the PKI Server:
crypto ca trustpoint pki
 revocation-check crl
 enrollment url http://192.168.191.5:8080/xxxx
 serial-number
 crl configure
Capturing the ASA-Remote outside interface, I can see that the ASA-Remote is sending packets to the PKI-Server:
<publicIP-ASA-REMOTE>.15252 > 192.168.191.5.8080
This indicates to me that the ASA is not using the VPN Tunnel between ASA-Remote and ASA-Central for this communication.
Any ideas how to fix this issue?
Cheers and thanks, Michael