The ipsec remote traffic-identical accept command allows branch or other users to quickly access the headquarters network.
The undo ipsec remote traffic-identical accept command disables quick access to the headquarters network.
By default, the device allows branch or other users to quickly access the headquarters network after their IP addresses are changed.
Usage Scenario
After a company's branch and headquarters establish an IPSec tunnel, the IP address of the branch gateway interface to which the IPSec policy group is applied may change because of a link status change or for other reasons. For example, the branch gateway connects to the Internet through dialup and establishes an IPSec tunnel with the headquarters; when the dialup address changes, the established IPSec tunnel between the headquarters and branch becomes unavailable. However, the headquarters keeps this IPSec tunnel until it times out.
If quick access to the headquarters network is disabled, when a branch gateway initiates IPSec negotiation again, the headquarters retains the original IPSec tunnel until it expires. Because the data flows on the newly negotiated IPSec tunnel are the same as those on the original tunnel, a conflict occurs, and the branch and headquarters cannot establish a new IPSec tunnel within a short period of time.
If quick access to the headquarters network is enabled, when a branch gateway initiates IPSec negotiation again, the headquarters deletes the original IPSec tunnel immediately so that the branch and headquarters can establish a new IPSec tunnel quickly.
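The following Python model, added here as an illustration and not Huawei's implementation or CLI, shows the headquarters tunnel table in both modes: a renegotiation with identical data flows from a changed branch address is refused until the old tunnel expires when the option is disabled, and replaces the old tunnel immediately when it is enabled. The class and function names and all addresses are assumed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Tunnel:
    peer_ip: str        # branch gateway address the tunnel was negotiated with
    flow: tuple         # data flow (local subnet, remote subnet) the tunnel protects
    expires_at: float   # tunnel lifetime end, in seconds of model time

@dataclass
class Headquarters:
    traffic_identical_accept: bool = True   # the documented default: enabled
    tunnels: list = field(default_factory=list)

    def negotiate(self, peer_ip, flow, lifetime, now):
        """Handle an (already authenticated) negotiation request from a branch.
        Returns 'established' when a tunnel is set up, 'conflict' when refused."""
        # tunnels that have timed out are removed regardless of the setting
        self.tunnels = [t for t in self.tunnels if t.expires_at > now]
        for t in self.tunnels:
            if t.flow == flow and t.peer_ip != peer_ip:
                if not self.traffic_identical_accept:
                    return "conflict"       # original tunnel kept until it expires
                self.tunnels.remove(t)      # delete the original tunnel immediately
                break
        self.tunnels.append(Tunnel(peer_ip, flow, now + lifetime))
        return "established"

def demo(accept):
    """Branch negotiates, its dialup address changes, it renegotiates twice."""
    hq = Headquarters(traffic_identical_accept=accept)
    flow = ("10.1.0.0/16", "10.2.0.0/16")          # constructed subnets
    hq.negotiate("203.0.113.10", flow, lifetime=3600, now=0)
    first = hq.negotiate("203.0.113.77", flow, lifetime=3600, now=60)
    second = hq.negotiate("203.0.113.77", flow, lifetime=3600, now=3700)
    return first, second, [t.peer_ip for t in hq.tunnels]

if __name__ == "__main__":
    print("enabled :", demo(True))    # ('established', 'established', ['203.0.113.77'])
    print("disabled:", demo(False))   # ('conflict', 'established', ['203.0.113.77'])
```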
Prerequisites
Precautions
The ipsec remote traffic-identical accept command only detects identical data flows within a single CPU.