IPsec Anti-Replay Window: Expanding and Disabling
12.3(14)T 12.2(33)SRA 12.2(33)SRA
Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers. Currently, the default window size is 64 packets. Generally, this number (window size) is sufficient, but there are times when you may want to expand this window size. The IPsec Anti-Replay Window: Expanding and Disabling feature allows you to expand the window size, allowing the decryptor to keep track of more than 64 packets.
This feature was introduced in Cisco IOS Release 12.3(14)T.
This feature was integrated into Cisco IOS Release 12.2(33)SRA.
This feature was integrated into Cisco IOS Release 12.2(18)SXF6.
The following commands were introduced or modified: crypto ipsec security-association replay disable, crypto ipsec security-association replay window-size, set security-association replay disable, set security-association replay window-size .