Use the IPsec window to delete a specific IPsec security association (SA) or all SAs. SAs are created by successful IPsec negotiations between the SBC Core and protected peers. Each SA is the bundle of algorithms and parameters used to encrypt and authenticate a particular flow in one direction. Thus for normal bidirectional traffic, the flows are secured by a pair of security associations.

SAs are removable through notification by the peer that an SA is deleted, or as a result of Dead Peer Detection determining that a peer is unresponsive. When necessary you can also remove SAs before their lifetime expires using the following methods:

If an SA is deleted by one of the above scenarios within 60 seconds of the time that it was initially established, then as a Denial-of-Service protection the SBC Core does not respond to new phase 1 IKE negotiations initiated by that peer for 60 seconds. Otherwise, phase 1 IKE re-negotiations may proceed immediately on a deleted SA.

To Delete Security Association Entries

All > Address Context > IPsec

Select an address context from the Address Context list. The Commands list appears as shown below.

Figure 1: IPsec Delete SA Commands

Use the following table to select a command option. Based on your selection, a pop-up window opens.

Table 1: IPsec/IKE SA Delete Parameters

| Parameter | Description | Pop-up Window Entry/Action |
| --- | --- | --- |
| IKE SA Delete | Deletes a specific IKE SA. | In SA Index enter the specific SA index and click ikeSADelete to initiate the deletion. |
| IKE SA Delete All | Deletes all IKE SAs. | Click ikeSaDeleteAll to initiate the deletion. |
| IPsec SA Delete | Deletes the IPsec SA pair. Enter local SPI to delete the IPsec SA pair (local_SPI: incoming Security Parameter Index value). | In Local SPI, enter the incoming Security Parameter Index value and click ipsecSaDelete to initiate the deletion. |

Confirm the deletion when prompted.
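The 60-second Denial-of-Service rule described in the introduction can be modeled over an event timeline to check whether a peer's unanswered phase 1 attempt falls inside the hold-down. This is an added example, not SBC Core code: the class and function names, the event tuples and the peer addresses are constructed, and it assumes the hold-down is timed from the moment of deletion and that "within 60 seconds" includes exactly 60.

```python
from dataclasses import dataclass, field

EARLY_DELETE_WINDOW = 60  # seconds after establishment (value from the page)
HOLD_DOWN = 60            # seconds phase 1 is ignored (value from the page)


@dataclass
class Phase1HoldDown:
    """Illustrative model of the early-delete hold-down (hypothetical names)."""
    established: dict = field(default_factory=dict)    # (peer, sa_id) -> time
    blocked_until: dict = field(default_factory=dict)  # peer -> time

    def sa_established(self, peer, sa_id, now):
        self.established[(peer, sa_id)] = now

    def sa_deleted(self, peer, sa_id, now):
        t0 = self.established.pop((peer, sa_id), None)
        if t0 is not None and now - t0 <= EARLY_DELETE_WINDOW:
            # Assumption: the 60-second clock starts at deletion time.
            until = now + HOLD_DOWN
            self.blocked_until[peer] = max(self.blocked_until.get(peer, 0), until)

    def responds_to_phase1(self, peer, now):
        return now >= self.blocked_until.get(peer, 0)


def replay(events):
    """Return the (time, peer) phase 1 attempts that would go unanswered."""
    model, ignored = Phase1HoldDown(), []
    for t, kind, peer, sa_id in sorted(events, key=lambda e: e[0]):
        if kind == "established":
            model.sa_established(peer, sa_id, t)
        elif kind == "deleted":
            model.sa_deleted(peer, sa_id, t)
        elif kind == "phase1" and not model.responds_to_phase1(peer, t):
            ignored.append((t, peer))
    return ignored


# Constructed timeline: (seconds, event, peer, SA id)
SAMPLE_EVENTS = [
    (0, "established", "192.0.2.10", 1),
    (0, "established", "192.0.2.20", 2),
    (20, "deleted", "192.0.2.10", 1),    # deleted 20 s after setup: hold-down
    (30, "phase1", "192.0.2.10", None),  # inside hold-down: no response
    (85, "phase1", "192.0.2.10", None),  # hold-down over: answered
    (300, "deleted", "192.0.2.20", 2),   # old SA: no hold-down
    (301, "phase1", "192.0.2.20", None), # answered immediately
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```
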