Usage Scenario
When IPsec is deployed on a mobile bearer network, new base stations are usually added during network upgrades and capacity expansion, and the device needs to interconnect with these new base stations. In this case, you can enable detection of overlapping IPsec flows so that, after IKE negotiation, the device checks whether the to-be-encrypted data flows of the new tunnel overlap with existing ones. If they do not overlap, the new tunnel is established successfully. If they overlap, the new tunnel fails to be established. This requires you to analyze the device networking, and then plan and deliver more reasonable ACL configurations.
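The following added example (not part of the original documentation, and not the device's own algorithm) pre-checks planned ACL flows offline so that an overlap is found before a tunnel fails to establish. The flow model (source prefix, destination prefix, protocol, destination port range), the names and the sample flows are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

ANY = 0  # assumption of this example: protocol 0 means "any IP protocol"


@dataclass(frozen=True)
class Flow:
    """One to-be-encrypted data flow, as an ACL rule describes it."""
    name: str
    src: str                    # source prefix
    dst: str                    # destination prefix
    proto: int = ANY            # IP protocol number (6 = TCP, 17 = UDP)
    dports: tuple = (0, 65535)  # inclusive destination port range


def overlaps(a, b):
    """True if some packet could match both flows in every field."""
    if not ip_network(a.src).overlaps(ip_network(b.src)):
        return False
    if not ip_network(a.dst).overlaps(ip_network(b.dst)):
        return False
    if ANY not in (a.proto, b.proto) and a.proto != b.proto:
        return False
    return a.dports[0] <= b.dports[1] and b.dports[0] <= a.dports[1]


def plan(existing, planned):
    """Return (accepted names, {rejected name: names of flows it overlaps})."""
    active, rejected = list(existing), {}
    for flow in planned:
        hits = [f.name for f in active if overlaps(flow, f)]
        if hits:
            rejected[flow.name] = hits   # this tunnel would fail to establish
        else:
            active.append(flow)          # later flows are checked against it too
    return [f.name for f in active[len(existing):]], rejected


# Constructed sample data: two existing base-station flows, three planned ones.
EXISTING = [
    Flow("bs-A", "10.10.0.0/16", "172.16.1.0/24"),
    Flow("bs-B", "10.10.0.0/16", "172.16.2.0/24", proto=17, dports=(2152, 2152)),
]
PLANNED = [
    Flow("bs-C", "10.10.0.0/16", "172.16.3.0/24"),           # disjoint destination
    Flow("bs-D", "10.10.5.0/24", "172.16.0.0/22"),           # /22 covers A, B and C
    Flow("bs-E", "10.10.0.0/16", "172.16.2.0/24", proto=6),  # same prefixes as bs-B, TCP
]

if __name__ == "__main__":
    print(plan(EXISTING, PLANNED))
```

Two flows conflict only when they overlap in every field, which is why bs-E is accepted next to bs-B while the broad /22 destination of bs-D is rejected.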
Precautions
- This function does not support NAT traversal.
- This function affects device performance. You are advised to disable it when the network is running stably (that is, when no operations such as upgrade or capacity expansion are being performed).
- Disable this function immediately after you complete such operations as upgrade or capacity expansion.