18.3.5.2. Deactivating SPE for Access Points with Soft Restart 
Access point encryption (signaling and payload) is deactivated with
the AMO SIPCO followed by a soft restart. In a duplex system, you also
only have to perform one soft restart on the active CC.
IMPORTANT:
Deactivation of the access point encryption causes
every call and the associated DMC connections with access point reference
(subscriber or trunk in AP shelf) to be executed and signaled as non-secure
calls from an end-to-end perspective. The connections between the STMI
board in the AP shelf and the HFA subscribers or the partner gateway,
however, remain encrypted, i.e. TLS subscribers will still run on TLS
in AP shelves and trunking gateways which have already established a
TLS connection will continue using TLS connections.
Activating SPE
Like deactivation, with the AMO SIPCO and soft restart.
Caution
AMO SIPCO prompts the administrator to perform a hard restart after
activating/deactivating SPE. This advisory is not modified for the following
reasons:
- When SPE is already activated on the system for HFA subscribers and IP trunking and access point encryption is activated for the first time, a hard restart must be performed before the feature works correctly.
- If a customer would like to deactivate SPE completely for an access point and the associated common gateways, a hard restart must be performed for this.