Hello all ... I am successful in getting my ASA to create SSL VPN's with AnyConnect (v2.4.1012) using DoD Common Access Cards (Smartcards). I cannot however successfully query the OCSP servers. I keep getting the same error:
OCSP status check failed. Reason: Failed to verify OCSP response.
OCSP status check failed. Reason: Signature could not be validated.
I have followed the guidelines offered by DoD and Cisco:
I have checked 'Consider certificate valid if revocation information cannot be retried', applied a filter to only allow DoD Issued Certs access & tied login to AAA (LDAP - Active Directory) ... I still perform two-phase authentication by validating DoD issued certs and bounce the login credentials against our Ou ... But I have no way of checking certificate revocation.
The Cisco Secure Firewall and SecureX teams are looking for feedback from active Secure Firewall users who may or may not have already activated SecureX. Your responses will help us improve the Firepower experience in SecureX. Th...
Related documentsCisco ISE (Identity Services Engine) IPv6 features by release2.6ISE ManagementNetwork Time Protocol SupportDomain Name System SupportExternal RepositoriesAudit Logs and ReportsSimple Network Management ProtocolAccess Control Lists And Dyn...
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P...
On R1, configure a key ring that defines the peer R3:Address: 22.214.171.124Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 126.96.36.199R1(config-ikev2-keyring-pee...