Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    ike crl

    Syntax

    ike crl { ignored | optional | required }

    no ike crl

    Release Information

    Command introduced before JunosE Release 7.1.0.

    Description

    Controls how the router handles certificate revocation lists (CRLs) during negotiation of IKE phase 1 signature authentication. The no version returns the CRL setting to the default, optional.

    Note: This command has been replaced by the ipsec crl command and may be removed completely in a future release.

    Options

    • ignored—Allows negotiations to succeed even if a CRL is invalid or the peer's certificate appears in the CRL; this is the most lenient setting
    • optional—If the router finds a valid CRL, it uses it; this is the default
    • required—Requires a valid CRL; either the certificates belonging to the E Series router or the peer must not appear in the CRL; this is the strictest setting

    Mode

    Global Configuration

    Published: 2014-08-14