04-06-2006 11:54 AM - edited 02-21-2020 02:21 PM
I am occasionally getting the following message
%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
I know that I can change my anti-replay window size but don't know what reasonable numbers are or what impact on resources will result from upping the window. VoIP generates lots of packets, so I am guessing the window size might need to be larger rather than smaller. Any suggestions?
Remote sites - Cisco 2801 w/ 64/256Mb
Head-End - Cisco 3845 w/ 64/256Mb
04-09-2006 02:28 PM
Hello,
I wouldn't think expanding the window size will have any significant impact on resources. The only resource impacted is memory, since it'll have to remember a larger range of sequence numbers; but I don't think this is a large impact.
You can go from the default 64 to say 200 if that makes any diff, and increase further.
If your underlying n/w has re-ordering/drop issues due to multiple paths (or LLQ for voip), then increasing the window size will postpone replay error drops. If at 200, you still have drops - say the low priority is still getting dropped, you will have to increase the window further.
Bottom line is, there is no recommended value as such. Will be a trial-error, based on the particular n/w scenario.
Hope this helps.
Regards
-Sunil.
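The effect described in the reply above, as an added example that is not part of the original thread: a sliding-window anti-replay check in the style of RFC 4303, run over a constructed arrival order in which low-priority data packets are queued behind voice. The class and function names, the traffic pattern and the 100-packet delay are assumptions for illustration; the window sizes 64 and 200 are the ones mentioned in the reply.

```python
# Added illustration: anti-replay sliding window in the style of RFC 4303.
# All names and the traffic pattern below are constructed for this example.

class ReplayWindow:
    def __init__(self, size):
        self.size = size
        self.top = 0      # highest sequence number accepted (ESP starts at 1)
        self.bitmap = 0   # bit i set => sequence number (top - i) was seen

    def check(self, seq):
        """Return 'ok', 'replay' (duplicate) or 'stale' (left of the window)."""
        if seq > self.top:                       # window slides forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "ok"
        offset = self.top - seq
        if offset >= self.size:                  # too old to be tracked
            return "stale"
        if (self.bitmap >> offset) & 1:          # already received once
            return "replay"
        self.bitmap |= 1 << offset               # late but still inside window
        return "ok"


def arrival_order(total, data_every, delay):
    """Constructed traffic: sequence numbers 1..total are assigned at
    encryption time; every data_every-th packet is low-priority data that
    the queue releases `delay` packet slots late, voice leaves in order."""
    slots = []
    for seq in range(1, total + 1):
        late = delay if seq % data_every == 0 else 0
        slots.append((seq + late, seq))
    return [seq for _, seq in sorted(slots)]


def dropped(window_size, arrivals):
    """Sequence numbers the receiver would discard for this window size."""
    window = ReplayWindow(window_size)
    return [seq for seq in arrivals if window.check(seq) != "ok"]


if __name__ == "__main__":
    arrivals = arrival_order(total=1000, data_every=10, delay=100)
    for size in (64, 200):
        lost = dropped(size, arrivals)
        print(f"window {size}: {len(lost)} of {len(arrivals)} packets dropped")
```

In this constructed run every discarded packet is a delayed data packet that arrived more than 64 sequence numbers behind the newest voice packet; none is an actual duplicate.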
04-10-2006 04:08 AM
Thanks! As a window size increase I would not think that it would have much impact but...