In VPN-1 NG, all IKE/IPSec SAs are saved in the kernel. Therefore, deleting the appropriate kernel table is sufficient.
1. To delete IKE SAs, delete the IKE_SA_table.
2. To delete IPSec SAs, delete the inbound_SPI and the outbound_SPI tables.
Note: All three tables are 'keep' tables and, therefore, will not be deleted upon policy installation.
To delete a table:
1. Run the command fw tab -t table_name -x
2. Type 'yes' in the confirmation prompt.
Monday, April 13, 2009