Raj Singh writes:
> Now, say failover happened at 30, 500. So, standby member
> becomes active, and it starts using IPsec replay counter from
> 30, 000. It will be considered as Replay Attack and SA has to be
> destroyed.

If you have replayed incoming packets, you do consider that a replay attack,
and you IGNORE those packets. You DO NOT destroy the SA because of this.
-- 
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
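
The receiver behaviour described in the reply, as an added example that is not part of the original thread or any particular IPsec implementation: a sliding-window anti-replay check that discards old or duplicate sequence numbers and leaves the SA untouched. The struct, function names, the 64-packet window and the packet counts in `simulate_failover` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define REPLAY_WINDOW 64u /* assumed window size; the thread does not give one */

/* Hypothetical receiver-side state for one inbound SA (names are illustrative). */
struct sa_state {
    uint32_t highest; /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => (highest - i) was already received */
    uint32_t dropped; /* packets discarded by the replay check */
    bool alive;       /* the SA itself; nothing below ever clears it */
};

/* Sliding-window check, run after the packet's integrity check has passed.
 * Returns true if accepted, false if the packet is discarded. */
bool replay_check(struct sa_state *sa, uint32_t seq)
{
    if (seq > sa->highest) {              /* new packet: slide window forward */
        uint32_t shift = seq - sa->highest;
        sa->bitmap = (shift >= REPLAY_WINDOW) ? 0 : sa->bitmap << shift;
        sa->bitmap |= 1ULL;
        sa->highest = seq;
        return true;
    }
    uint32_t offset = sa->highest - seq;
    if (seq == 0 || offset >= REPLAY_WINDOW || (sa->bitmap & (1ULL << offset))) {
        sa->dropped++;                    /* too old or duplicate: ignore it */
        return false;
    }
    sa->bitmap |= 1ULL << offset;         /* late but unseen packet in window */
    return true;
}

/* Constructed scenario from the thread: the peer received 1..seen from the old
 * active member, then the new active member sends n packets starting at resume.
 * Returns how many of those n packets the peer accepts. */
uint32_t simulate_failover(struct sa_state *sa, uint32_t seen, uint32_t resume, uint32_t n)
{
    uint32_t accepted = 0;
    *sa = (struct sa_state){ .alive = true };
    for (uint32_t s = 1; s <= seen; s++)
        replay_check(sa, s);
    for (uint32_t s = resume; s < resume + n; s++)
        accepted += replay_check(sa, s) ? 1 : 0;
    return accepted;
}
```

With 30500 packets already seen and the sender resuming at 30000, the peer discards sequence numbers 30000 through 30500 and accepts again from 30501, with the SA still in place.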