System Administration Guide, Volume 3

How to Replace Current Security Associations

Use this procedure to replace the current security associations. Replace them periodically so that an adversary has less time to break your cryptosystem.

  1. Become superuser on the system console.


    Note -

    Logging in remotely exposes security-critical traffic to eavesdropping. Even if you somehow protect the remote login, the total security of the system is reduced to the security of the remote login session.


  2. On each system, flush your current security associations by doing the following substeps:

    1. Type the following command:


      # ipseckey
      

      This starts ipseckey in command mode.

    2. At the ipseckey command mode prompt, enter the following command:


      > flush
      
  3. Do step 5 of the "How to Set Up a Virtual Private Network" procedure to set new security associations, using new values for the SPI and the keys.
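
The following script is an added example, not part of the original guide: it writes an ipseckey command file that holds the flush from step 2 followed by one new ESP security association per direction, each with a fresh random SPI and fresh keys. The add syntax, the md5 and 3des algorithms with their key lengths, the 192.0.2.x addresses, /dev/urandom and all function names are assumptions, because step 5 of the VPN procedure is not reproduced on this page.

```shell
#!/bin/sh
# Added example: write an ipseckey command file with fresh SPIs and keys.
# Assumed, not taken from this page: the "add esp" syntax, md5/3des and
# their key lengths, the 192.0.2.x addresses, and /dev/urandom.

# rand_hex N: print N random bytes as 2*N lowercase hex digits.
rand_hex() {
    od -An -tx1 -N "$1" /dev/urandom | tr -d ' \n'
}

# new_spi: print a random 32-bit SPI. Values 0-255 are reserved, so retry.
new_spi() {
    while :; do
        spi=$(rand_hex 4)
        case $spi in
            000000??) continue ;;
        esac
        echo "0x$spi"
        return 0
    done
}

# sa_line SRC DST: print one "add" command with a new SPI and new keys
# (16-byte authentication key, 24-byte encryption key).
sa_line() {
    printf 'add esp spi %s src %s dst %s auth_alg md5 encr_alg 3des authkey %s encrkey %s\n' \
        "$(new_spi)" "$1" "$2" "$(rand_hex 16)" "$(rand_hex 24)"
}

# rekey_file LOCAL REMOTE OUT: write "flush" plus one SA per direction
# to OUT, readable by the owner only because it holds key material.
rekey_file() {
    rm -f "$3"
    ( umask 077
      { echo flush
        sa_line "$1" "$2"
        sa_line "$2" "$1"
      } > "$3" )
}

# Usage (constructed addresses): rekey_file 192.0.2.1 192.0.2.2 newkeys.ipsec
```

Both systems must load the same file (ipseckey -f reads commands from a file), so carry it between consoles by a path that does not depend on a remote login, and delete it once the new associations are in place.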