для Cisco Cisco Packet Data Gateway (PDG)
IPSec Certificates
CRL Fetching ▀
IPSec Reference, StarOS Release 16 ▄
129
Download from CDP Extension of Peer Certificate
The following diagram illustrates peer certificate validations against CRLs. The CRL is fetched based on its CDP
extension.
extension.
Figure 26. Call Flow: CRL Download from CDP Extension of Peer certificate
The peer certificate is then verified against the CRL based on its status the IKE_AUTH proceeds.