anti-replay window

Function

The anti-replay window command sets the anti-replay window size for an IPSec tunnel.

The undo anti-replay window command restores the default anti-replay window size of an IPSec tunnel.

By default, the anti-replay window size of a single IPSec tunnel is not set. The global value is used.

Format

anti-replay window window-size

undo anti-replay window

Parameters

| Parameter | Description | Value |
|---|---|---|
| window-size | Specifies the anti-replay window size of an IPSec tunnel. | The value can be 32, 64, 128, 256, 512, or 1024, in bits. |

Views

Efficient VPN policy view

Default Level

2: Configuration level

Usage Guidelines

Configuration Impact

You may need to change the anti-replay window size for an IPSec tunnel in some situations. For example, if QoS is performed on packets passing through an IPSec tunnel, the sequence numbers of service data packets may differ from those of common data packets. As a result, these service data packets are dropped as replay attack packets. To prevent such packets from being dropped incorrectly, you can disable the anti-replay function or increase the anti-replay window size for the IPSec tunnel.
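
The effect described above can be reproduced with a small receiver-side model. This is an added example, not Huawei's implementation: it uses a sliding-window bitmap check in the style of RFC 4303, and the class, the function names and the traffic pattern (every 10th packet delayed by 40 sequence numbers) are constructed assumptions.

```python
# Added illustration: RFC 4303-style sliding-window anti-replay check.
# Not the device's implementation; the traffic pattern is constructed sample data.

class AntiReplayWindow:
    def __init__(self, size):
        self.size = size    # window size in bits, e.g. 32 or 128
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) already seen

    def accept(self, seq):
        """Return True if the packet passes the check, False if it is dropped."""
        if seq < 1:                              # ESP sequence numbers start at 1
            return False
        if seq > self.top:                       # new highest: slide the window right
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:                  # fell off the left edge of the window
            return False
        if (self.bitmap >> offset) & 1:          # already seen: a genuine replay
            return False
        self.bitmap |= 1 << offset               # late, but still inside the window
        return True


def qos_arrival_order(count=200, every=10, delay=40):
    """Constructed traffic: every `every`-th packet is low priority and is
    overtaken by `delay` later sequence numbers before it is delivered."""
    def key(seq):
        return seq + delay if seq % every == 0 else seq
    return sorted(range(1, count + 1), key=key)


def dropped(window_size, arrivals):
    """Sequence numbers the receiver discards for a given window size."""
    window = AntiReplayWindow(window_size)
    return [seq for seq in arrivals if not window.accept(seq)]


if __name__ == "__main__":
    arrivals = qos_arrival_order()
    for size in (32, 64, 128):
        print(size, len(dropped(size, arrivals)))
```

In this model a 32-bit window discards the delayed packets that arrive 39 sequence numbers behind the newest one, while a 64-bit or larger window accepts them and still rejects a true duplicate.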

Prerequisites

The anti-replay function is enabled for the IPSec tunnel. By default, the anti-replay function is enabled (through the ipsec anti-replay enable command).

Precautions

When both anti-replay window and ipsec anti-replay window are configured, the anti-replay window configuration takes effect. When anti-replay window is not configured, the ipsec anti-replay window configuration takes effect.

Example

# Set the IPSec anti-replay window size to 128 bits.
<HUAWEI> system-view
[HUAWEI] ipsec efficient-vpn evpn mode client
[HUAWEI-ipsec-efficient-vpn-evpn] anti-replay window 128
Copyright © Huawei Technologies Co., Ltd.