| Message Code | PIX-3-717015 |
| Severity | Error |
| Description | CRL received from issuer is too large to process (CRL size = crl_size, maximum CRL size = max_crl_size) |
| Explanation | This log event will be generated when an IPSec connection causes a CRL, that is larger than the maximum permitted CRL size, max_crl_size, to be downloaded. This is an error condition that will cause the connection to fail. This message is rate limited to one message every 10 seconds. |
| User Action | Scalability is perhaps the most significant drawback to the CRL method of revocation checking. The only options to solve this problem are to investigate a Certificate Authority based solution to reduce the CRL size or configure the device not to require CRL validation. |
| Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.