Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1202
Views
8
Helpful
4
Replies

IPSec and mis-ordered frames

brian.holmes
Level 1
Level 1

‎02-10-2011 01:38 PM - edited ‎02-21-2020 05:09 PM

How does Cisco's IPSec implementations handle mis-ordered frames? Does it simply drop, re-order them or pass them for decryption. ( IPSec sequence # coming in out of order)

Sent from Cisco Technical Support iPhone App

Brian Holmes
Labels:
0 Helpful
4 Replies 4

manish arora
Level 6
Level 6

‎02-10-2011 02:30 PM

Two IPSec peers can send millions of packets, a  64-packet sliding window is implemented to bound the amount of memory  required to tally the receipt of a peer's packets. Packets can arrive  out of order, but they must be received within the scope of the window  to be accepted. If they arrive too late (outside the window), they are  dropped.

Manish

brian.holmes
Level 1
Level 1

‎02-10-2011 06:05 PM

Does Cisco VPN clients for Windows/Mac also implement a 64 packet window?

Sent from Cisco Technical Support iPhone App

Brian Holmes
0 Helpful

manish arora
Level 6
Level 6
In response to brian.holmes

‎02-10-2011 06:24 PM

Not sure about VPN client etc , but i think  that this should apply to every device using ESP encryption as this is in accordance with the RCF 2401  that provides some sort of packet integerity.

check this out for more detail :-

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/IPSecQoS.html#wp56337

Manish

brian.holmes
Level 1
Level 1

‎02-11-2011 04:54 AM

Thanks for the pointer...I see the example in appendix C of the RFC

Sent from Cisco Technical Support iPhone App

Brian Holmes
0 Helpful
Customers Also Viewed These Support Documents