30-26
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Understanding SSL VPN Server Verification (ASA)
• Configuring SSL VPN Server Verification (ASA), page 30-61
• Configuring Trusted Pool Settings (ASA), page 30-26
• Using the Trustpool Manager, page 30-27
Configuring Trusted Pool Settings (ASA)
Use the Trusted Pool Settings page to configure options for certificate revocation. You can also launch
the Trustpool Manager.
Navigation Path
(Device View only) Select an ASA device; then select Remote Access VPN > Trusted Pool from the
Policy selector.
Related Topics
• Configuring SSL VPN Server Verification (ASA), page 30-61
• Using the Trustpool Manager, page 30-27
Field Reference
Table 30-12 Trusted Pool Page
Element: Revocation Check
Description: Whether to check certificates for revocation. Select the appropriate option:
  • Check Certificates
    If you select this option, also specify the method or methods to use for revocation by selecting the appropriate method (CRL or OCSP) and moving it to the box on the right by clicking >>.
    Note: You can choose either or both methods. If choosing both methods, add the methods in the order in which you want them used.
  • Do not check Certificates

Element: Certificate Map Settings
Description: Optionally, specify override options for a certificate map by selecting the map from the following lists. Each list will include all certificate maps that are configured on the device.
  • Allow Expired Certificates—Select the certificate map for which you want to allow expired certificates.
  • Skip Revocation Check—Select the certificate map for which you want to skip revocation check.

Element: CRL Options
Description: Specifies options for managing the Certificate Revocation List:
  • Cache Refresh Time—The number of minutes (1-1440) before the ASA considers a CRL too old to be reliable. The default value is 60 minutes.
  • Enforce next CRL update—Whether the ASA should enforce the next CRL update.
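
An added example, not from the Cisco guide: a Python check that a reviewer could run over a saved ASA running-config to list Trusted Pool settings that relax certificate checking. It assumes the fields in Table 30-12 appear in the CLI as sub-commands of `crypto ca trustpool policy` (`revocation-check`, `crl cache-time`, `crl enforcenextupdate`, `match certificate`); the sample config, the map names and the 60-minute review threshold are constructed.

```python
# Constructed ASA running-config fragment (sample input, not from the guide).
# Assumption: these sub-commands are the CLI form of the Trusted Pool fields.
SAMPLE_CONFIG = """\
crypto ca trustpool policy
 revocation-check crl ocsp
 crl cache-time 720
 match certificate PARTNER_MAP allow expired-certificate
 match certificate LAB_MAP skip revocation-check
!
"""

def parse_trustpool_policy(config):
    """Return the trustpool policy settings; method order is preserved."""
    policy = {"methods": [], "cache_minutes": 60, "enforce_next_update": False,
              "allow_expired": [], "skip_revocation": []}
    in_block = False
    for line in config.splitlines():
        if line.strip() == "crypto ca trustpool policy":
            in_block = True
        elif in_block and not line.startswith(" "):
            break  # first unindented line closes the block
        elif in_block:
            words = line.split()
            if words[:1] == ["revocation-check"]:
                policy["methods"] = [w for w in words[1:] if w in ("crl", "ocsp")]
            elif words[:2] == ["crl", "cache-time"] and len(words) == 3:
                policy["cache_minutes"] = int(words[2])
            elif words[:2] == ["crl", "enforcenextupdate"]:
                policy["enforce_next_update"] = True
            elif words[:2] == ["match", "certificate"] and len(words) == 5:
                if words[3:] == ["allow", "expired-certificate"]:
                    policy["allow_expired"].append(words[2])
                elif words[3:] == ["skip", "revocation-check"]:
                    policy["skip_revocation"].append(words[2])
    return policy

def audit(policy, max_cache_minutes=60):
    """List settings that relax certificate checking (threshold is ours)."""
    findings = []
    if not policy["methods"]:
        findings.append("revocation checking is off")
    elif "crl" in policy["methods"] and policy["cache_minutes"] > max_cache_minutes:
        findings.append("CRL cache time %d min exceeds %d" %
                        (policy["cache_minutes"], max_cache_minutes))
    for name in policy["allow_expired"]:
        findings.append("map %s accepts expired certificates" % name)
    for name in policy["skip_revocation"]:
        findings.append("map %s skips revocation checking" % name)
    return findings
```

Calling `audit(parse_trustpool_policy(text))` on a saved configuration returns one line per relaxed setting, so each certificate map override can be matched to a documented exception.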