Hi everbody,
i am working on a SSL remote access scenario with a ASA5515 ,AnyConnectSecureMobilityClient and Primekey EJBCA.
Following scenario raises a question:
I revoked the ASA Identity Cert and wonder why i can successfully establish a VPN Tunnel.
The VPN-GW authenticates itself with a revoked cert to the VPN client, which has no functionality to do a revocation check.
AnyConnect has no OCSP/CRL checking support.
Why is this NOT a problem ?
Thanks for any arguments in advance !
Best regards
Markus