Any active Security Associations that were negotiated for IPSec-protected traffic are not deleted when the ipsec -f default command is issued. However, they are deleted if, while the default policy is in effect, any associated IP filter rules from the IP filter policy are deleted or modified in such a way that the filter rule no longer encompasses the scope of the Security Association. In that case, the Security Association will be deleted when the IP security policy is reloaded.
For example, Security Associations are not deleted by the following sequence of actions:
Security Associations remain active in the stack and in IKE, though unavailable for use.
Security Associations remain active in the stack and in IKE, though unavailable for use.
Security Associations remain active in the stack and in IKE, and are available for use.
Security Associations are deleted by the following sequence of actions:
Security Associations remain active in the stack and in IKE.
Existing Security Associations are deleted.
Security Associations have been deleted.
In either case, Security Associations are never available for use when the default IP filter policy is in effect.