--- Begin Message ---
IIRC, if the change you made was global, existing SA's wouldn't use new
replay-window size.
If you want existing-SA's to use new replay-window size, change would be to
individual crypto-map entries.
./Randy
- Original Message -
From: Artem Viklenko
To: cisco-nsp
Hi, All!
Having periodic replay window alerts with some customers,
we desides to increase replay window globally to the max
value of 1024 using the command
crypto ipsec security-association replay window-size 1024
But I can't find info how it is affects existing SAs.
I think that new window si
> James Bensley
> Sent: Friday, May 27, 2016 7:27 PM
>
> > On 27 May 2016 at 18:07, Adam Vitkovsky
> wrote:
> >> Also I would have thought that in echo mode since each side is
> responsible for checking its own packets independently of the remote end
> then each side can also run its own timers -t
> James Bensley
> Sent: Friday, May 27, 2016 7:21 PM
>
> On 27 May 2016 at 18:07, Adam Vitkovsky
> wrote:
> >> James Bensley
> >> Sent: Friday, May 27, 2016 2:28 PM
> >> To: cisco-nsp@puck.nether.net
> >> Subject: Re: [c-nsp] BFD on ME3600/ME3800/7600s
> >>
> >> In echo mode the local node sends e