Screen OS

This is a legacy community with limited Juniper monitoring.
  • 1.  Replay Protection

    Posted 10-29-2008 13:01

    C&E-Guide says:

     

    Replay Protection: A replay attack occurs when somebody intercepts a series of packets and uses them
    later either to flood the system, causing a denial-of-service (DoS), or to gain entry to
    the trusted network. The replay-protection feature enables security devices to check
    every IPSec packet to see if it has been received previously. If packets arrive outside
    a specified sequence range, the security device rejects them.

     

    Can this option cause any problems if one side has this option turned on and the other side not?



  • 2.  RE: Replay Protection

    Posted 10-29-2008 13:05

    [quote]

    Can this option cause any problems if one side has this option turned on and the other side not?

    [/quote]

     

    Absolutely... this setting should be the same on both units...



  • 3.  RE: Replay Protection

    Posted 10-29-2008 13:56

    Thanks for your quick reply. Can you explain why?



  • 4.  RE: Replay Protection
    Best Answer

    Posted 10-29-2008 21:30

    Because it's one of the parameters in phase 2 of IPSEC VPN and it should match on both sides for successful IPSEC negotiation.

     

    Thanks



  • 5.  RE: Replay Protection

    Posted 10-30-2008 00:36
    Thanks, I was not aware of this.


  • 6.  RE: Replay Protection

    Posted 08-11-2009 08:29

    According to the docs, this isn't true.

     

    ScreenOS also provides a replay protection feature. Use of this feature does not require negotiation because packets are always sent with sequence numbers. You simply have the option of checking or not checking the sequence numbers. (For more information about replay protection, see “Replay Protection” on page 12.)
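
The receiver-side sequence check that the quoted documentation describes, as an added example that is not part of the original thread and is not Juniper's code: a bitmap sliding window in the style of the RFC 4303 anti-replay algorithm, run over the same constructed arrival stream with checking on and off. The 64-packet window and the names `ReplayWindow`, `verdicts` and `ARRIVALS` are assumptions for illustration; the page does not state the window size ScreenOS uses.

```python
class ReplayWindow:
    """Anti-replay state a receiver keeps for one inbound IPsec SA.

    Models the check only; a real receiver updates the window after the
    packet's integrity check has passed.
    """

    def __init__(self, size=64, enforce=True):
        self.size = size        # window width in packets (assumed value)
        self.enforce = enforce  # False = replay protection switched off
        self.top = 0            # highest sequence number accepted so far
        self.bitmap = 0         # bit i set => sequence (top - i) was seen

    def check_and_update(self, seq):
        if not self.enforce:
            return "accept (not checked)"  # number is present, just ignored
        if seq == 0:
            return "reject (invalid)"      # senders start counting at 1
        if seq > self.top:                 # new highest: slide window forward
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & mask
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:            # fell off the left edge
            return "reject (too old)"
        if self.bitmap & (1 << offset):    # already seen inside the window
            return "reject (replay)"
        self.bitmap |= 1 << offset         # late but new: mark and accept
        return "accept"


def verdicts(seqs, **kwargs):
    """Run sequence numbers, in arrival order, through a fresh window."""
    window = ReplayWindow(**kwargs)
    return [window.check_and_update(s) for s in seqs]


# Constructed arrival order: reordering, a duplicate, a jump, stale packets.
ARRIVALS = [1, 3, 2, 2, 100, 36, 37, 100]

if __name__ == "__main__":
    for label, enforce in (("checking on", True), ("checking off", False)):
        print(label)
        for seq, verdict in zip(ARRIVALS, verdicts(ARRIVALS, enforce=enforce)):
            print(f"  seq={seq:<4}{verdict}")
```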