No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Disabling Validity Verification on Certificates

(Optional) Disabling Validity Verification on Certificates

Context

When IPSec uses certificate authentication, users cannot update certificates after they become invalid, leading to unavailable certificates and IPSec authentication failure. If users still want to use invalid certificates, you can disable validity verification on certificates.

You can disable validity verification on certificates in the system view or IKE peer view. If you disable validity verification on certificates in the system view, the device does not verify certificates of all IKE peers.

Procedure

  • System view
    1. Run system-view

      The system view is displayed.

    2. Run ike certificate-check disable

      The device is configured not to verify certificates of all IKE peer.

      By default, the device verifies certificates of all IKE peer.

  • IKE peer view
    1. Run system-view

      The system view is displayed.

    2. Run ike peer peer-name

      The IKE peer view is displayed.

    3. Run certificate-check disable

      The device is configured not to verify certificates of an IKE peer.

      By default, the device verifies certificates of an IKE peer.

Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 150891

Downloads: 367

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next