[an error occurred while processing this directive][an error occurred while processing this directive]

anti-replay-window-size

Syntax

anti-replay-window-size bits;

Hierarchy Level

[edit services service-set service-set-name ipsec-vpn-options]

Release Information

Statement introduced in JUNOS Release 10.0.

Description

Specify the size of the IPsec antireplay window. This statement is useful for dynamic endpoint tunnels for which you cannot configure the anti-replay-window-size statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level.

For static IPsec tunnels, this statement sets the antireplay window size for all the static tunnels within this service set. If a particular tunnel needs a specific value for antireplay window size, set the anti-replay-window-size statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level. If antireplay check has to be disabled for a particular tunnel in this service set, set the no-anti-replay statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level.

Note: The anti-replay-window-size and no-anti-replay settings at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level override the settings specified at the [edit services service-set service-set-name ipsec-vpn-options] hierarchy level.

Options

bits—Size of the antireplay window, in bits.

Default: 64 bits (AS PICs), 128 bits (Multiservices PICs and DPCs)
Range: 64 through 4096 bits

Usage Guidelines

See Configuring IPsec Service Sets or Configuring IPsec Rules.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.


Published: 2010-04-28

[an error occurred while processing this directive]