IBM Support

How to disable ipsec in AIX®

How To


Summary

This document explains how to completely disable ipsec filtering in AIX®

Steps

Capturing the terminal session in a typescript file is recommended, so the steps below include starting and stopping that capture.

Start terminal log:
# script /tmp/ipsec_shutdown.log
Save any current config:
# ikedb -g > /tmp/ipsec_old.xml
Remove any tunnels:
# ike cmd=remove all
Purge database:
# ikedb -x
Remove tunnel filters:
# rmtun -v4 -t all
# rmtun -v6 -t all
Stop ipsec daemons:
# stopsrc -g ike
Remove the ipsec devices:
# rmdev -dl ipsec_v4
# rmdev -dl ipsec_v6
Exit the terminal session log:
# exit

Share /tmp/ipsec_shutdown.log with IBM® AIX® support in case of problems

Additional Information

This procedure should not cause any network disruption unless you have tunnels up and running.
 
To check whether tunnels are up and running, run the command ipsecstat and look at the AH and ESP counts (AH: authentication header packets; ESP: encapsulated packets):

# ipsecstat
 
IPSec Statistics -
Total incoming packets: 8862074
 Incoming AH packets: 0
 Incoming ESP packets: 0
 Srcrte packets allowed: 0
Total outgoing packets: 735797
 Outgoing AH packets: 0
 Outgoing ESP packets: 0
 
This example output of ipsecstat shows ipsec not in use: the AH and ESP counts are zero, meaning it is safe to disable ipsec.
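
The AH/ESP check above can be scripted as a gate to run before the removal steps. The following is an added example, not part of the IBM document: the function names and the sample with non-zero ESP counts are constructed for illustration, and it assumes ipsecstat prints the four AH/ESP counter lines in the format shown above.

```sh
#!/bin/sh
# Added example, not IBM code. Assumes ipsecstat prints the four
# "Incoming/Outgoing AH/ESP packets: N" lines shown in the sample output.

# Sum the AH and ESP counters read from stdin; print "unknown" unless
# all four counter lines are present and numeric.
ipsec_tunnel_packets() {
    awk -F: '
        /(Incoming|Outgoing) (AH|ESP) packets/ {
            gsub(/[^0-9]/, "", $2)
            if ($2 == "") { bad = 1; next }
            sum += $2; seen++
        }
        END { if (bad || seen != 4) print "unknown"; else print sum + 0 }'
}

# Exit status: 0 = all counters zero, 1 = AH/ESP traffic counted,
# 2 = output not understood (treat as "do not proceed").
ipsec_safe_to_disable() {
    total=$(ipsec_tunnel_packets)
    case "$total" in
        unknown) echo "cannot parse ipsecstat output" >&2; return 2 ;;
        0)       echo "AH/ESP counters are zero"; return 0 ;;
        *)       echo "AH/ESP packets counted: $total" >&2; return 1 ;;
    esac
}

# Constructed sample: the idle output from this page.
sample_idle() {
    cat <<'EOF'
IPSec Statistics -
Total incoming packets: 8862074
 Incoming AH packets: 0
 Incoming ESP packets: 0
 Srcrte packets allowed: 0
Total outgoing packets: 735797
 Outgoing AH packets: 0
 Outgoing ESP packets: 0
EOF
}

# Constructed sample: same layout with ESP traffic (values invented).
sample_active() {
    sample_idle | sed -e 's/Incoming ESP packets: 0/Incoming ESP packets: 4120/' \
                      -e 's/Outgoing ESP packets: 0/Outgoing ESP packets: 3987/'
}

sample_idle | ipsec_safe_to_disable   # on AIX: ipsecstat | ipsec_safe_to_disable
```

A non-zero exit status from ipsec_safe_to_disable means the removal steps should not be run until the counters have been reviewed.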

Document Location

Worldwide


Document Information

Modified date:
20 April 2021

UID

ibm16445353