Cisco Cisco Packet Data Gateway (PDG)
replay window-size
Configures the IPSec anti-replay window size in packets (RFC 6479).
Product
ePDG
FA
GGSN
HA
HeNBGW
HNBGW
HSGW
MME
P-GW
PDSN
S-GW
SAEGW
SCM
SecGW
SGSN
Privilege
Security Administrator
Syntax Description
replay window-sizewindow_size
window_size
Specifies the size of the anti-replay window in packets. Enter one of the following integers to change the
number of packets in the window: 32, 64 (default), 128, 256, 384, 512.
number of packets in the window: 32, 64 (default), 128, 256, 384, 512.
Increasing the anti-replay window size has no impact on throughput and security.
Usage Guidelines
IPSec authentication provides anti-replay protection against an attacker duplicating encrypted packets by
assigning a unique sequence number to each encrypted packet. (Security association [SA] anti-replay is a
security service in which the receiver can reject old or duplicate packets to protect itself against replay attacks.)
The decryptor checks off the sequence numbers that it has seen before. The encryptor assigns sequence
numbers in an increasing order. The decryptor remembers the value X of the highest sequence number that
it has already seen. N is the window size, and the decryptor also remembers whether it has seen packets having
assigning a unique sequence number to each encrypted packet. (Security association [SA] anti-replay is a
security service in which the receiver can reject old or duplicate packets to protect itself against replay attacks.)
The decryptor checks off the sequence numbers that it has seen before. The encryptor assigns sequence
numbers in an increasing order. The decryptor remembers the value X of the highest sequence number that
it has already seen. N is the window size, and the decryptor also remembers whether it has seen packets having
Command Line Interface Reference, Modes C - D, StarOS Release 19
1108
Crypto IPSec Configuration Mode Commands
replay window-size