Understanding Antireplay
Antireplay is an IPsec feature that can detect when a packet is intercepted and then replayed by attackers. Antireplay is enabled by default for group VPNs but can be disabled for a group with the no-anti-replay configuration statement.
When antireplay is enabled, the group server synchronizes the time between the group members. Each IPsec packet contains a timestamp. The group member checks whether the packet’s timestamp falls within the configured anti-replay-time-window value (the default is 100 seconds). A packet is dropped if its timestamp falls outside that window.
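The timestamp check described above, modelled as an added example (this is not Juniper's code; GroupMember, clock_offset_s and the symmetric comparison are assumptions made for illustration). It runs constructed events through the check to show two things: a copy resent inside the window still passes the time check, and a member whose clock has drifted past the window drops fresh traffic.

```python
from dataclasses import dataclass

DEFAULT_WINDOW_S = 100  # default anti-replay-time-window stated on the page


@dataclass
class GroupMember:
    """Hypothetical model of a group member's time-based antireplay check."""
    window_s: float = DEFAULT_WINDOW_S
    clock_offset_s: float = 0.0  # assumed residual error after server time sync
    anti_replay: bool = True     # False models the no-anti-replay statement

    def verdict(self, pkt_timestamp: float, arrival_time: float) -> str:
        if not self.anti_replay:
            return "accept"
        local_now = arrival_time + self.clock_offset_s
        # Assumption: the check is symmetric, so timestamps too far in the
        # past or too far in the future are both outside the window.
        age = abs(local_now - pkt_timestamp)
        return "accept" if age <= self.window_s else "drop"


# Constructed events: (label, sender timestamp, arrival time on the true clock)
EVENTS = [
    ("original delivery",       1000.0, 1000.05),
    ("copy resent after 30 s",  1000.0, 1030.0),
    ("copy resent after 150 s", 1000.0, 1150.0),
    ("fresh packet",            1200.0, 1200.05),
]


def evaluate(member: GroupMember) -> dict:
    """Return the verdict for every constructed event for one member."""
    return {label: member.verdict(ts, arrival) for label, ts, arrival in EVENTS}


if __name__ == "__main__":
    for name, member in [
        ("synchronized member", GroupMember()),
        ("member 120 s ahead", GroupMember(clock_offset_s=120.0)),
        ("no-anti-replay", GroupMember(anti_replay=False)),
    ]:
        print(name, evaluate(member))
```

The drifted member rejects even the fresh packet, which is why the server's time synchronization matters as much as the window value itself.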
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- VPN Overview
- Understanding IKE and IPsec Packet Processing
- Understanding the GDOI Protocol
- Understanding Group Servers and Members
- Understanding VPN Group Configuration