Site to Site IPSEC VPN problem with firmware 4.38: replay detection
philippegervaix
Posts: 2 Freshman Member
Hello,
Since the upgrade to firmware 4.38 from version 4.33, site-to-site IPsec VPNs produce multiple errors of this type:
SPI:0x5d5463db SEQ:0x4789c Packet Anti-Replay detected
They disappear for 1 day after deactivation / activation of the VPN connections
and then come back the next day.
Our configurations haven't changed for a long time and this problem appeared with the update.
Zyxel advise me to change the MSS of the VPN connection (which is in "auto" mode by default), but I'm not convinced by this solution, because I don't know what value to set the MSS to.
Do other people have this problem?
What is the best solution?
Change the MSS?
Back to firmware 4.33?
Thank you in advance
Philippe
0
All Replies
-
Anti-Replay detection is a mechanism for protecting VPN packet security.
When the system receives ESP packets whose SPI/SEQ doesn't match an existing VPN tunnel, it will drop the packet and respond with this log.
The cause may be an attack from the internet or something else.
Don't worry about this log, since the attack packets are already dropped and traffic is protected in the VPN tunnel and repackaged as ESP packets.
0
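As an added illustration (not part of the original thread and not Zyxel firmware code), this sketch implements the generic RFC 4303 anti-replay sliding window for one inbound SA. The 64-packet window size and the arrival order are assumptions constructed for the example; it shows that a true duplicate and a packet delayed beyond the window are both dropped by the same check.

```python
class AntiReplayWindow:
    """Generic RFC 4303-style anti-replay window (32-bit SEQ, no ESN).

    Assumes the packet has already passed integrity verification; a real
    receiver only updates the window after the ICV check succeeds.
    """

    def __init__(self, size=64):          # 64 is an assumed window size
        self.size = size
        self.mask = (1 << size) - 1
        self.top = 0                      # highest SEQ accepted so far
        self.bitmap = 0                   # bit i set => SEQ (top - i) seen

    def check_and_update(self, seq):
        if seq == 0:
            return "drop: invalid sequence 0"
        if seq > self.top:                # newer than anything seen: slide
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:           # too old to be tracked
            return "drop: older than window"
        if self.bitmap & (1 << offset):   # already received once
            return "drop: duplicate"
        self.bitmap |= 1 << offset        # late but new: mark as seen
        return "accept"


def replay_trace(seqs, size=64):
    """Feed SEQ values in arrival order; return (hex SEQ, verdict) pairs."""
    window = AntiReplayWindow(size)
    return [(hex(s), window.check_and_update(s)) for s in seqs]


# Constructed arrival order, starting from the SEQ value quoted in the log.
BASE = 0x4789C
SAMPLE = [BASE, BASE + 1, BASE + 3, BASE + 2,   # mild reordering: accepted
          BASE + 3,                             # exact duplicate: dropped
          BASE + 100, BASE + 30]                # delayed past window: dropped

if __name__ == "__main__":
    for seq, verdict in replay_trace(SAMPLE):
        print(seq, verdict)
```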