The certificate-access-policy command configures an IKE peer to reference a certificate access policy.
The undo certificate-access-policy command cancels the certificate access policy referenced by an IKE peer.
By default, the IKE peer does not reference a certificate access policy.
| Parameter | Description | Value |
|---|---|---|
| policy-name | Specifies the name of a certificate access policy. | The certificate access policy with the specified name must already exist. |
Usage Scenario
On an IPSec-enabled network, the headquarters and branches authenticate each other using a certificate. After certificate verification succeeds, the headquarters and branches can establish IPSec tunnels. However, the headquarters may want to prohibit some authenticated branches from establishing IPSec tunnels with it.
To do so, run the certificate-access-policy command so that the IKE peer references a certificate access policy.
Prerequisites
A certificate access policy has been created by running the pki certificate access-control-policy name command.
Precautions
If the certificate-access-policy command is configured together with the certificate-check disable or ike certificate-check disable command, the certificate-access-policy command does not take effect.
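
The prerequisite and the precaution above can be checked offline against a saved configuration. The following audit script is an added example, not vendor code. It assumes a layout in which view headers such as ike peer start at column 0 and their commands are indented, and in which ike certificate-check disable is a system-wide line while certificate-check disable sits inside a peer. The sample configuration and all peer and policy names are constructed.

```python
import re

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
pki certificate access-control-policy name hq-policy
#
ike peer branch-a
 certificate-access-policy hq-policy
#
ike peer branch-b
 certificate-access-policy hq-policy
 certificate-check disable
#
ike peer branch-c
 certificate-access-policy missing-policy
"""

def audit_ike_peers(config):
    """Return (peer, finding) pairs for peers whose policy reference is ineffective."""
    policies, peers = set(), {}
    global_disable, current = False, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#"):        # blank line or view separator
            current = None
        elif not line.startswith(" "):              # system-view line or view header
            current = None
            if (m := re.fullmatch(r"pki certificate access-control-policy name (\S+)", line)):
                policies.add(m.group(1))            # prerequisite: policy was created
            elif line == "ike certificate-check disable":
                global_disable = True
            elif (m := re.match(r"ike peer (\S+)", line)):
                current = peers.setdefault(m.group(1), {"policy": None, "disable": False})
        elif current is not None:                   # command inside an IKE peer view
            cmd = line.strip()
            if cmd == "certificate-check disable":
                current["disable"] = True
            elif (m := re.fullmatch(r"certificate-access-policy (\S+)", cmd)):
                current["policy"] = m.group(1)
    findings = []
    for name, peer in peers.items():
        if peer["policy"] is None:
            continue                                # default: no policy referenced
        if peer["policy"] not in policies:
            findings.append((name, "referenced policy not created"))
        if peer["disable"] or global_disable:
            findings.append((name, "certificate check disabled, policy has no effect"))
    return findings

if __name__ == "__main__":
    for peer, finding in audit_ike_peers(SAMPLE_CONFIG):
        print(f"{peer}: {finding}")
```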