Replay Protection or Anti-Replay Check Failures in IPsec logs

Article ID: 171254

Products

Web Security Service - WSS

Issue/Introduction

Several warnings mentioning anti-replay packet protection can be seen in the firewall or router device's logs.

Cause

In some circumstances, enabling IPsec Anti-Replay protection can cause large amounts of overhead in the tunnel. When packets are sent out of order, Replay Protection is triggered, causing potential issues or warnings in the router/firewall's logs.
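The following added example (not from this article or any vendor's code) sketches the sliding-window sequence-number check described in RFC 4303, to show why a packet delayed by reordering is logged as a replay failure while the same arrival order passes with a larger window. The class and function names, the window sizes and the arrival sequence are constructed for illustration.

```python
# Added illustration (not vendor code): ESP-style sliding-window anti-replay check.
# Window sizes and sequence numbers below are constructed sample values.

class AntiReplayWindow:
    def __init__(self, size=64):
        self.size = size      # number of sequence numbers tracked
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => (top - i) already received

    def check_and_update(self, seq):
        """Return 'accept', 'replay' or 'too_old' for a received sequence number."""
        if seq == 0:
            return "too_old"              # ESP sequence numbers start at 1
        if seq > self.top:                # new right edge: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:
            return "too_old"              # fell behind the left edge of the window
        if self.bitmap & (1 << offset):
            return "replay"               # duplicate inside the window
        self.bitmap |= 1 << offset        # late but in-window: accept and mark
        return "accept"


def classify(seqs, size=64):
    """Run a list of arrival-order sequence numbers through one window."""
    win = AntiReplayWindow(size)
    return [(s, win.check_and_update(s)) for s in seqs]


# Constructed arrival order: mild reordering, packet 3 heavily delayed, 9 duplicated.
SAMPLE_ARRIVALS = [1, 2, 5, 4, 6, 7, 8, 9, 10, 3, 9]

if __name__ == "__main__":
    for size in (4, 64):
        print(f"window size {size}")
        for seq, verdict in classify(SAMPLE_ARRIVALS, size):
            print(f"  seq={seq:<3} {verdict}")
```

With a window of 4, the delayed packet 3 is rejected even though it was never received before; with a window of 64 it is accepted, and only the true duplicate of packet 9 is flagged.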

Resolution

For more information on how to troubleshoot Replay Protection, visit your router/firewall support site. For example, these are links for some common devices:

Cisco: https://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/116858-problem-replay-00.html

Juniper: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6727