HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 259
ipsec anti-replay window, Default, Views, Predefined user roles, Usage guidelines, Examples
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 259 highlights
undo ipsec anti-replay check Default IPsec anti-replay checking is enabled. Views System view Predefined user roles network-admin Usage guidelines IPsec packet de-encapsulation involves complicated calculation. De-encapsulation of replayed packets is not necessary but consumes large amounts of resources and degrades performance, resulting in DoS. IPsec anti-replay checking, when enabled, is performed before the de-encapsulation process, reducing resource waste. In some cases, some service data packets might be received in a very different order than their original order, and the IPsec anti-replay function might drop them as replayed packets, affecting normal communications. If this happens, disable IPsec anti-replay checking or adjust the size of the anti-replay window as required. IPsec anti-replay checking does not affect manually created IPsec SAs. According to the IPsec protocol, only IPsec SAs negotiated by IKE support anti-replay checking. Examples # Enable IPsec anti-replay checking. system-view [Sysname] ipsec anti-replay check Related commands ipsec anti-replay window ipsec anti-replay window Use ipsec anti-replay window to set the anti-replay window size. Use undo ipsec anti-replay window to restore the default. Syntax ipsec anti-replay window width undo ipsec anti-replay window Default The anti-replay window size is 64. Views System view Predefined user roles network-admin Parameters width: Specifies the size for the anti-replay window. It can be 64, 128, 256, 512, or 1024 packets. 250