The network is configured as follows:

    POLE
      |
    NORTH
      |
      NIC---EAST--SUNRISE

East does not have north's certificate cached. 
East will send a CR to north.

East also doesn't have a specific policy for north, but rather, 
will accept anything that is signed by a specific CA.

North will transmit its certificate to east via nic. 
North's certificate  is issued by a CA east accepts (cacerts/ca.crt), and
so should be accepted.

NIC serves as a simple router between NORTH and EAST.

The simple test is to connect the POLE and SUNRISE networks
together. This is tested with a ping, a la "basic-pluto-03"

Note that east has a CRL which is assumed to be up-to-date.