Hi everbody,

i am working on a SSL remote access scenario with a ASA5515 ,AnyConnectSecureMobilityClient and Primekey EJBCA.

Following scenario raises a question:

I revoked the ASA Identity Cert and wonder why i can successfully establish a VPN Tunnel.

The VPN-GW authenticates itself with a revoked cert to the VPN client, which has no functionality to do a revocation check.

AnyConnect has no OCSP/CRL checking support.

Why is this NOT a problem ?

Thanks for any arguments in advance !

Best regards

Markus