By setting <b>strictcrlpolicy=yes</b> a <b>strict CRL policy</b> is enforced on
both roadwarrior <b>carol</b> and gateway <b>moon</b>. The remote host <b>carol</b>
initiates the connection and presents a certificate that has been revoked by the
current CRL causing the IKE negotiation to fail.