HP-UX IPSec version A.02.01 Administrator's Guide

Administering HP-UX IPSec
Deleting SA Entries
The ipsec_admin -deletesa command deletes security association (SA)
information. In normal operation, there is no need for you to do this.
However, there are cases when the SA information on the local system is
not synchronized with information on a remote system, such as when the
IPsec subsystem on a remote system terminates abruptly.
When you use the ipsec_admin -deletesa command, the following
events occur:
• The IKE daemon sends IKE DELETE messages to the remote IKE
  entity for IKE SAs established between the remote system and the
  local system.
• The IKE daemon also sends IKE DELETE messages to the remote
  system for the IPsec SAs that are inbound to the local system from
  the remote system. The DELETE messages tell the peer that the
  local system will no longer accept data for the deleted SAs. Most IKE
  implementations will delete the corresponding IPsec SAs to the
  remote system from the local system.
• The IKE daemon deletes all IKE and IPsec SA entries in the SA
  database associated with the remote address.
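
The three events above, modelled in Python as an added example (not HP code and not part of the original guide). The SA record layout, the SPI values and the addresses are constructed for illustration; the model only shows which entries trigger a DELETE message and which are removed from the local SA database without one.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SA:
    kind: str       # "IKE" or "IPSEC"
    peer: str       # remote system's address
    direction: str  # "in" or "out" for IPsec SAs, "-" for IKE SAs
    spi: str        # constructed identifier, not a real SPI

# Constructed sample SA database: two peers, one IKE SA and one IPsec SA pair each.
SAMPLE_SADB = [
    SA("IKE",   "192.0.2.10",   "-",   "ike-a"),
    SA("IPSEC", "192.0.2.10",   "in",  "0x1001"),
    SA("IPSEC", "192.0.2.10",   "out", "0x2001"),
    SA("IKE",   "198.51.100.7", "-",   "ike-b"),
    SA("IPSEC", "198.51.100.7", "in",  "0x1002"),
    SA("IPSEC", "198.51.100.7", "out", "0x2002"),
]

def delete_sa(sadb, ip_addr):
    """Model of the three events; returns (delete_messages, silent, remaining)."""
    doomed = [sa for sa in sadb if sa.peer == ip_addr]
    # Events 1 and 2: DELETE goes out for IKE SAs and for inbound IPsec SAs only.
    announced = [sa for sa in doomed
                 if sa.kind == "IKE" or sa.direction == "in"]
    messages = [("DELETE", ip_addr, sa.kind, sa.spi) for sa in announced]
    # Outbound IPsec SAs are removed locally with no DELETE of their own; the
    # peer's copy goes away only if its IKE implementation drops the pair.
    silent = [sa for sa in doomed if sa not in announced]
    # Event 3: every IKE and IPsec entry for the remote address is removed.
    remaining = [sa for sa in sadb if sa.peer != ip_addr]
    return messages, silent, remaining

if __name__ == "__main__":
    messages, silent, remaining = delete_sa(SAMPLE_SADB, "192.0.2.10")
    for m in messages:
        print("sent:", m)
    for sa in silent:
        print("removed locally, no DELETE sent:", sa)
    print("entries left in SA database:", len(remaining))
```
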
ipsec_admin -deletesa Syntax
The syntax for the ipsec_admin -deletesa command is as follows:
ipsec_admin -deletesa ip_addr
Parameters
ip_addr
The IP address of the remote system.