respond-bad-spi

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of Junos OS.

Description

Enable response to invalid IPsec Security Parameter Index (SPI) values. If the security associations (SAs) between two peers of an IPsec VPN become unsynchronized, the device resets the state of a peer so that the two peers are synchronized.

Options

number —Number of times to respond to invalid SPI values per gateway.

Range: 1 through 30

Default: 5

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.