[Contents] [Prev] [Next] [Index] [Report an Error]

ike crl

Syntax

ike crl { ignored | optional | required }

no ike crl

Release Information

Command introduced before JUNOSe Release 7.1.0.

Description

Controls how the router handles certificate revocation lists (CRLs) during negotiation of IKE phase 1 signature authentication. The no version returns the CRL setting to the default, optional.

Note: This command has been replaced by the ipsec crl command and may be removed completely in a future release.

Options

ignored—Allows negotiations to succeed even if a CRL is invalid or the peer's certificate appears in the CRL; this is the most lenient setting
optional—If the router finds a valid CRL, it uses it; this is the default
required—Requires a valid CRL; either the certificates belonging to the E-series router or the peer must not appear in the CRL; this is the strictest setting

Global Configuration

[Contents] [Prev] [Next] [Index] [Report an Error]