Cisco Community
English
Register
We have 1 million community members! Join the celebration! Learn how.
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
141
Views
0
Helpful
0
Replies
m.foehrenck
Beginner
Beginner
‎11-24-2014 08:36 AM
‎11-24-2014 08:36 AM

Anyconnect cannot check recvocation of VPN-server certificate

Hi everbody,

 

i am working on a SSL remote access scenario with a ASA5515 ,AnyConnectSecureMobilityClient and Primekey EJBCA.

Following scenario raises a question:

I revoked the ASA Identity Cert and wonder why i can successfully establish a VPN Tunnel.

The VPN-GW authenticates itself with a revoked cert to the VPN client, which has no functionality to do a revocation check.

AnyConnect has no OCSP/CRL checking support.

Why is this NOT a problem ?

Thanks for any arguments in advance !

 

Best regards

Markus

 

 

Labels:
0 Helpful
0 REPLIES 0
Latest Contents
VPN Site-to-Site with dynamic IP
Created by meddane on 09-17-2021 04:03 PM
0
5
0
5
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P... view more
Site-to-Site FlexVPN IOS router
Created by meddane on 09-17-2021 04:00 PM
0
0
0
0
On R1, configure a key ring that defines the peer R3:Address: 23.0.0.3Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 23.0.0.3R1(config-ikev2-keyring-pee... view more
802.1X With Port Radius NAS PORT Id Attribute Cisco ISE
Created by meddane on 09-17-2021 03:59 PM
0
0
0
0
This document shows how to use the Port Radius NAS PORT Id Attribute in a compound condition to control access with 802.1X.A user jdoe is allowed to access the network only through the physical port FastEthernet 0/1 of the switch and the user jwhite is al... view more
Configure Anyconnect with SAML authentication on FTD managed...
Created by Josue Brenes on 09-16-2021 08:22 AM
1
5
1
5
Introduction This document provides a configuration example of Security Assertion Markup Language (SAML) Authentication on FTD managed over FDM. The configuration allows Anyconnect users to establish a VPN session authenticating with a SAML Identity Serv... view more
DMVPN: Dual Hub Dual Cloud VS Dual Hub Dual Cloud: Pros and ...
Created by meddane on 09-11-2021 01:57 AM
0
5
0
5
DMVPN Dual Hub Dual Cloud Pros and ConsProsNo single point of failureQuick failover if routing protocols are tunedLoad balancing is easyTraffic engineering is easyEasy to work with multiple ISPsConsNeed 2 tunnels per spokeConfiguration is more complicated... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Event
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad