Replay detection

Replay detection is a feature of the IPSec standard for detecting so-called replay attacks. In a replay attack, an unauthorized station records data and sends it, either repeatedly or with a delay, to a remote site in order to simulate a different identity.

Replay detection defines a certain number of consecutive packets (a "window" with the length "n"). Because the IPSec standard provides each packet with a continuous sequence number, the receiving VPN device can determine whether a packet's sequence number lies within the permitted window. If, for example, the current highest received sequence number is 10,000 and the window width is 100, then a sequence number of 9,888 is outside the permitted window.
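The window check described above, as an added example in Python (not code from the original page or from any vendor's IPSec implementation), modelled on the sliding-window scheme of RFC 4303; it assumes the packets have already passed the integrity check, and the sequence-number stream is constructed to reproduce the 10,000 / 100 / 9,888 case from the text:

```python
# Sliding-window anti-replay check in the style of RFC 4303 (ESP).
# Constructed example, not vendor code. Assumes packets have already passed
# the integrity check; a real receiver updates the window only after that.

class ReplayWindow:
    def __init__(self, size: int):
        self.size = size        # window length n
        self.highest = 0        # highest sequence number accepted so far
        self.bitmap = 0         # bit i set => sequence (highest - i) was seen

    def accept(self, seq: int) -> bool:
        """Return True if seq is new and inside the window; update state."""
        if seq == 0:            # ESP sequence numbers start at 1
            return False
        if seq > self.highest:  # fresh packet: slide the window to the right
            shift = seq - self.highest
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1 # jumped past the whole old window
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:   # older than the window: drop
            return False
        if (self.bitmap >> diff) & 1:
            return False        # already received: replay
        self.bitmap |= 1 << diff  # late but legitimate arrival
        return True


def simulate(window_size: int, stream):
    """Feed a sequence-number stream through a window; return (seq, accepted) pairs."""
    w = ReplayWindow(window_size)
    return [(seq, w.accept(seq)) for seq in stream]


# Constructed stream: 1..10000 in order except 9950, which arrives late,
# then a replay of 9950, an out-of-window 9888 and the next fresh packet.
STREAM = [s for s in range(1, 10001) if s != 9950] + [9950, 9950, 9888, 10001]

if __name__ == "__main__":
    for seq, ok in simulate(100, STREAM)[-4:]:
        print(seq, "accepted" if ok else "dropped")
```

With the window at 100 and the highest number at 10,000, the late 9,950 is still accepted once, its repeat is dropped as a replay, and 9,888 is dropped because it is outside the window.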

Replay detection discards received packets if:
Please consider the following aspects when configuring the replay-detection window:
Note: You have to weigh up the use of replay detection for your particular case. Only activate replay detection if the security of the VPN connection is more important to you than interference-free data transfer.