FAQ-Why Does a Device Restart at One End Result in a Service Interruption for a Period During Manual IPSec Negotiation

Publication Date: 2015-07-02
Issue Description
Why Does a Device Restart at One End Result in a Service Interruption for a Period During Manual IPSec Negotiation?
Solution
In manual mode, the devices at both ends of a tunnel do not send negotiation packets to each other. When a device recovers from a restart and sends packets, its peer regards them as replay attack packets until the sequence number of a packet reaches the sequence number at which the previous communication was interrupted. You can also run the reset ipsec sa command to reset the SA information and sequence number counters at both ends. The IKE negotiation mode is recommended on a live network.
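The behavior described above can be reproduced with a simplified receiver-side anti-replay window. This is an added example, not vendor code: the 64-packet window, the packet count of 1000, and the names ReplayWindow and packets_dropped_after_restart are assumptions, and reset_peer models the effect of clearing the peer's counters.

```python
# Added illustration: simplified IPSec anti-replay window (sliding bitmap).
# WINDOW and the packet counts below are assumed sample values.
WINDOW = 64

class ReplayWindow:
    """Receiver-side anti-replay state for one inbound SA."""
    def __init__(self, size=WINDOW):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => (highest - i) was already received

    def accept(self, seq):
        """Return True and record seq if it is new; False means dropped."""
        if seq == 0:
            return False                      # sequence numbers start at 1
        if seq > self.highest:                # advances the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                      # older than the window
        if self.bitmap & (1 << offset):
            return False                      # duplicate inside the window
        self.bitmap |= 1 << offset            # late but new: accept
        return True

    def reset(self):
        """Clear the counters, as a reset of the SA would on this end."""
        self.highest = 0
        self.bitmap = 0

def packets_dropped_after_restart(sent_before_restart, reset_peer=False):
    """Sender restarts and counts from 1 again; the peer keeps its state
    unless reset_peer is True. Returns (dropped, first_accepted_seq)."""
    rx = ReplayWindow()
    for seq in range(1, sent_before_restart + 1):
        rx.accept(seq)                        # traffic before the restart
    if reset_peer:
        rx.reset()
    dropped, seq = 0, 1
    while not rx.accept(seq):                 # traffic after the restart
        dropped += 1
        seq += 1
    return dropped, seq

if __name__ == "__main__":
    print(packets_dropped_after_restart(1000))                   # peer state kept
    print(packets_dropped_after_restart(1000, reset_peer=True))  # peer reset
```

With the peer's state kept, every packet is dropped until the restarted sender's counter passes the last value the peer accepted; with the peer's counters cleared, the first packet is accepted.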
