cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2880
Views
5
Helpful
3
Replies

changing the crypto ipsec security-association replay (window size) on an FTD thru FMC

JJEOROME
Level 1
Level 1

We are receiving replay errors on a router, it was suggested we use the crypto ipsec security-association replay {window size} command to increase window size-- how do we do this thru FMC?  On the ASA it is a snap 

2 Accepted Solutions

Accepted Solutions

You would need to use FlexConfig to do this.

1. in FMC go to Objects and create a new FlexConfig object 

2. Enter the command you would like to add to the FTD (ipsec security-association replay window-size 64  for example) and save

3. Go to Devices > FlexConfig and create a FlexConfig policy if you have not done so already

4. select the FlexConfig object you just created (should be located in user defined area) and then click the > symbol to add to the policy.

5. click save and deploy

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Normally all commands you add using flexconfig will be append. Prepend is most commonly used when using "clear" or "no" commands.

So with that in mind, the policy will be an append.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

3 Replies 3

You would need to use FlexConfig to do this.

1. in FMC go to Objects and create a new FlexConfig object 

2. Enter the command you would like to add to the FTD (ipsec security-association replay window-size 64  for example) and save

3. Go to Devices > FlexConfig and create a FlexConfig policy if you have not done so already

4. select the FlexConfig object you just created (should be located in user defined area) and then click the > symbol to add to the policy.

5. click save and deploy

--
Please remember to select a correct answer and rate helpful posts

One last think would this be considered a prepend or append policy ? 

Normally all commands you add using flexconfig will be append. Prepend is most commonly used when using "clear" or "no" commands.

So with that in mind, the policy will be an append.

--
Please remember to select a correct answer and rate helpful posts
Review Cisco Networking for a $25 gift card