By default, no dependency exists between IPSec SA and IKE SA, that is, the two SAs can be deleted separately. If the IKE SA is deleted but the corresponding IPSec SA still exists, traffic forwarding will be effected. You can enable dependency between IPSec SA and IKE SA to ensure that an IPSec SA is deleted when its corresponding IKE SA is deleted.
The system supports two configuration modes: global configuration and configuration on an IKE peer. Parameters configured on an IKE peer take precedence over those configured globally. When parameters are not configured on an IKE peer, the global parameter settings take effect.