Hi,
I am trying to lab my way through how certificate-based VPN works.
I have one "offline" root CA (trust anchor) and one "online" Issuing CA/Sub CA. My AnyConnect client authenticates perfectly with certificate-based VPN. If I revoke the client cert...
I have cleaned up the certificates on the ASA.
The ASA does not hold the private key for the local Issuing CA, only the public key of the local Issuing CA.
Now there is only the Public ASA cert vpn.domain.com and the local Issuing CA. c...
ASDM_TrustPoint2: the public certificate is not used in the validation of the AnyConnect VPN client machine certificate (I have never stated this either). It is used so that the AnyConnect client does not get an "SSL error" due to a self-signed local ASA ...
ASDM_TrustPoint0 = internal Issuing CA/Sub CA (Server: "rootCA" is the "offline Root CA" that issued the certificate for the internal Issuing CA named CA01.int.domain.com)
My Internal PKI infrastructure:
"Offline Root CA" -> "Issuing CA" -> "Clien...
My original issue/question was also related to the CRL check of the "Issuing CA" CDP (the CRL from the "offline" Root CA),
so that all certificates issued by a revoked Issuing CA would not be validated.
In my example, I do not even need the ASA device cert issued from the internal Issuing CA.
The VPN clients' certificates are validated against the "Issuing CA trust point".