The ipsec anti-replay window command sets the global IPSec anti-replay window size.
The undo ipsec anti-replay window command restores the default global IPSec anti-replay window size.
By default, the global IPSec anti-replay window size is 1024 bits.
Parameter |
Description |
Value |
|---|---|---|
| window-size | Specifies the global IPSec anti-replay window size. |
The value can be 32, 64, 128, 256, 512, or 1024, in bits. |
Usage Scenario
In some situations, for example, network congestion occurs or QoS is performed for packets, the sequence numbers of some service data packets may be unusual. The device that has IPSec anti-replay enabled considers the packets replayed and discards them. To prevent packets from being discarded incorrectly, you can disable global IPSec anti-replay or adjust the IPSec anti-replay window size to meet service requirements.
Prerequisites
The anti-replay function has been enabled. By default, the anti-replay function is enabled (through ipsec anti-reply enable command).
Precautions
When both anti-replay window and ipsec anti-replay window are used, the anti-replay window command takes effect. When anti-replay window is not configured, the ipsec anti-replay window command takes effect.