Security Associations (SA)

• Sequence number counter

  • A 32-bit value used to generate the sequence number field in AH or ESP headers

• Sequence counter overflow

  • A flag indicating whether overflow of the sequence number counter should generate an auditable event and prevent further transmission of packets on this SA

• Anti-replay window

  • Used to determine whether an inbound AH or ESP packet is a replay, by defining a sliding window within which the sequence number must fall

Previous slide

Next slide

Back to first slide

View graphic version