Policy Agent main configuration file

For an active TCP/IP stack with IPSECURITY defined, removing an existing TcpImage statement from the Policy Agent configuration file has the following effects on IP security policy:

• Existing IP filters remain.
• Existing Security Associations remain.
• Traffic continues to flow in the same way it did before the TcpImage statement was removed, including IPSec-protected traffic.
• New Security Associations cannot be activated.
• Existing Security Associations cannot be refreshed and are deleted when the refresh period expires.

If the intent of removing the TcpImage statement is to remove IP filters from the stack, an alternative is to modify the IP security policy to install a filter rule that permits all inbound and outbound traffic. Also, before restarting the stack, the IPSECURITY parameter should be removed from the IPCONFIG statement of the relevant stack.