Hello Mark,

I had the same issue some time back. If you look at the debugs, what you can notice in this situation is that the ASA is using R3's certificate, which it has cached. This, I think, bypasses the certificate map validation.

The way to solve this is to erase R3's public key from the ASA's cache. I think you can check the key using the command "sh crypto key mypubkey rsa". I'm not sure what the command to remove the keys is. It could be the "crypto key zeroize rsa" command? Do let me know if you have any luck regarding this.

Cheers,
TacACK
