FAQ-Why Does a Device Restart at One End Result in a Service Interruption for a Period During Manual IPSec Negotiation

Publication Date:  2015-07-02 Views:  104 Downloads:  0
Issue Description
Why Does a Device Restart at One End Result in a Service Interruption for a Period During Manual IPSec Negotiation?
Solution
In manual mode, the IPSec SAs at both ends of the tunnel are configured statically, so the devices do not send negotiation packets to each other. When one device restarts, its outbound sequence number counter starts again from its initial value, while the peer's anti-replay check still expects sequence numbers to continue from the value reached before the interruption. The peer therefore discards the restarted device's packets as replay attack packets until their sequence numbers climb past the sequence number at which communication was interrupted; how long this takes depends on the packet rate. To restore service immediately, run the reset ipsec sa command at both ends to reset the SA information and the sequence number counters. The IKE negotiation mode is recommended on a live network, because IKE renegotiates the SAs (and with them the sequence numbers) after a restart.
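The following simulation, added here as an illustration and not taken from the original FAQ or from any vendor code, models the behaviour described above: a sender with a monotonically increasing sequence counter, an RFC 4303-style sliding anti-replay window on the receiver, a restart that zeroes the sender's counter, and the effect of resetting the receiver's SA state as well (the counterpart of running reset ipsec sa at both ends). The window width of 64 and the traffic volumes are assumed values chosen for the example.

```python
"""Simulation of anti-replay drops after a restart with manually keyed IPSec SAs.

Added example, not vendor code. Models one direction of the tunnel:
sender counter -> receiver anti-replay window.
"""
from dataclasses import dataclass, field

WINDOW_SIZE = 64  # assumed anti-replay window width (RFC 4303 requires at least 32)


@dataclass
class Sender:
    """Outbound side of a manual SA: a monotonically increasing sequence counter."""
    seq: int = 0

    def next_packet(self) -> int:
        self.seq += 1
        return self.seq

    def restart(self) -> None:
        # Manual keying: no IKE, so a reboot simply restarts the counter.
        self.seq = 0


@dataclass
class Receiver:
    """Inbound side: sliding anti-replay window over the highest accepted sequence number."""
    highest: int = 0                          # highest sequence number accepted so far
    seen: set = field(default_factory=set)    # accepted sequence numbers inside the window

    def accept(self, seq: int) -> bool:
        """Return True if the packet passes the replay check, False if it is discarded."""
        if seq == 0:
            return False  # sequence number 0 is never valid on the wire
        if seq > self.highest:
            # Packet is to the right of the window: slide the window forward.
            self.highest = seq
            lower = max(1, seq - WINDOW_SIZE + 1)
            self.seen = {s for s in self.seen if s >= lower}
            self.seen.add(seq)
            return True
        lower = self.highest - WINDOW_SIZE + 1
        if seq < lower or seq in self.seen:
            return False  # older than the window, or already received: treated as a replay
        self.seen.add(seq)
        return True

    def reset(self) -> None:
        """Equivalent of clearing the inbound SA's replay state (reset ipsec sa on this end)."""
        self.highest = 0
        self.seen.clear()


def simulate(packets_before_restart: int, packets_after: int, reset_both_ends: bool):
    """Run traffic, restart the sender, then report (dropped_count, first_accepted_seq).

    With reset_both_ends=False the receiver keeps its window, so every packet whose
    sequence number is at or below the pre-restart high-water mark is discarded.
    """
    tx, rx = Sender(), Receiver()
    for _ in range(packets_before_restart):
        assert rx.accept(tx.next_packet()), "steady-state traffic must be accepted"

    tx.restart()
    if reset_both_ends:
        rx.reset()  # the sender's counter is already back at zero; clear the receiver too

    dropped = 0
    first_ok = None
    for _ in range(packets_after):
        seq = tx.next_packet()
        if rx.accept(seq):
            if first_ok is None:
                first_ok = seq
        else:
            dropped += 1
    return dropped, first_ok


if __name__ == "__main__":
    print("no reset:  ", simulate(1000, 1100, reset_both_ends=False))
    print("both reset:", simulate(1000, 100, reset_both_ends=True))
```

Without a reset, all 1000 packets carrying sequence numbers 1 to 1000 are discarded and the first packet accepted after the restart is sequence number 1001, exactly the point at which the pre-restart communication stopped; with the receiver's SA state reset as well, sequence number 1 is accepted immediately and nothing is lost.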

END