[c-nsp] ASA: IPSec replay window size change

Randy randy_94108 at yahoo.com
Sat May 28 16:39:00 EDT 2016


IIRC, if the change you made was global, existing SAs wouldn't use the new replay-window size.
If you want existing SAs to use the new replay-window size, the change would be to individual crypto-map entries.


./Randy


----- Original Message -----
From: Artem Viklenko <artem at viklenko.net>
To: cisco-nsp at puck.nether.net
Sent: Saturday, May 28, 2016 10:25 AM
Subject: [c-nsp] ASA: IPSec replay window size change

Hi, All!

Having periodic replay window alerts with some customers,
we decided to increase the replay window globally to the max
value of 1024 using the command

crypto ipsec security-association replay window-size 1024

But I can't find info on how it affects existing SAs.

I think that the new window size will be applied to new SAs.
But what will happen with existing ones? My main concern:
is it non-disruptive to apply this change on a production
firewall?

Thanks in advance!



-- 
Regards!
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

