HP-UX IPSec Version A.03.00 Administrator's Guide
Deleting SA Entries
The ipsec_admin -deletesa command deletes security association (SA) information. In
normal operation, there is no need for you to do this. However, there are cases when the SA
information on the local system is not synchronized with information on a remote system, such
as when the IPsec subsystem on a remote system terminates abruptly.
When you use the ipsec_admin -deletesa command, the following events occur:
• The IKE daemon sends IKE DELETE messages to the remote IKE entity for IKE SAs
established between the remote system and the local system.
• The IKE daemon also sends IKE DELETE messages to the remote system for the IPsec SAs
that are inbound to the local system from the remote system. The DELETE messages tell the
peer that the local system will no longer accept data for the deleted SAs. Most IKE
implementations will delete the corresponding IPsec SAs that run from the local system
to the remote system.
• The IKE daemon deletes all IKE and IPsec SA entries in the SA database associated with the
remote address.
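The following example is added here and is not part of the HP-UX guide or the HP-UX IPSec code. It shows what a DELETE message carries on the wire, assuming the IKEv2 Delete payload layout from RFC 7296, section 3.11 (the page does not say which IKE version is in use, and IKEv1 uses a different layout); the function names and sample SPI values are constructed for illustration.

```python
import struct

# Protocol ID values defined for the IKEv2 Delete payload (RFC 7296, 3.11)
PROTOCOLS = {1: "IKE", 2: "AH", 3: "ESP"}

def build_delete(protocol_id, spis=()):
    """Build a Delete payload: 4-byte generic header plus Delete body."""
    spi_size = len(spis[0]) if spis else 0
    if any(len(s) != spi_size for s in spis):
        raise ValueError("all SPIs must have the same length")
    body = struct.pack("!BBH", protocol_id, spi_size, len(spis)) + b"".join(spis)
    # Generic header: next payload (0 = none), critical/reserved, total length
    return struct.pack("!BBH", 0, 0, 4 + len(body)) + body

def parse_delete(payload):
    """Return (protocol name, [SPI hex strings]); reject malformed input."""
    if len(payload) < 8:
        raise ValueError("truncated Delete payload")
    _next, _flags, length = struct.unpack("!BBH", payload[:4])
    protocol_id, spi_size, count = struct.unpack("!BBH", payload[4:8])
    if length != len(payload) or length != 8 + spi_size * count:
        raise ValueError("length field does not match SPI size and count")
    if protocol_id not in PROTOCOLS:
        raise ValueError("unknown protocol ID")
    # The IKE SA is identified by the message header, so no SPIs are listed
    if protocol_id == 1 and (spi_size, count) != (0, 0):
        raise ValueError("IKE SA delete must not carry SPIs")
    if protocol_id in (2, 3) and spi_size != 4:
        raise ValueError("AH/ESP SPIs are 4 bytes")
    spis = [payload[8 + i * spi_size:8 + (i + 1) * spi_size].hex()
            for i in range(count)]
    return PROTOCOLS[protocol_id], spis

# Constructed sample: the sender lists the SPIs of its own inbound ESP SAs,
# which is how the peer learns that data for those SAs is no longer accepted.
ESP_DELETE = build_delete(3, [bytes.fromhex("c0ffee01"), bytes.fromhex("c0ffee02")])
# Constructed sample: deleting the IKE SA itself carries an empty SPI list.
IKE_DELETE = build_delete(1)

if __name__ == "__main__":
    print(parse_delete(ESP_DELETE))
    print(parse_delete(IKE_DELETE))
```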
ipsec_admin -deletesa Syntax
The syntax for the ipsec_admin -deletesa command is as follows:
ipsec_admin -deletesa ip_addr
Parameters
ip_addr
The IP address of the remote system.