Use the interface tunnel ipsec command to create IPSec (Internet Protocol Security) options for this tunnel.
<tunnel name> enable preshared-key <key> replay-check-window {64 | 1024 | disable | auto} The IPSec Anti-replay window provides protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers.The default window size is 64 packets.<silver-peak> (config) # interface tunnel ?In environments with significant out-of-order packet delivery, IPSec may drop packets that are outside of the anti-replay window.
n interface tunnel <tunnel name> ipsec replay-check-window <64|1024|disable|auto>
Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com. |