Wednesday, 2 December 2020

VPN IPSEC Replay errors

Sometimes you see errors like this on a Cisco router (IOS XE, in this case):

 %IOSXE-3-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:0002185922034562192 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 13, src_addr <A.A.A.A>, dest_addr <B.B.B.B>, SPI 0x3caaaeb7


Each IPsec SA carries a monotonically increasing ESP sequence number, and the receiver keeps a sliding anti-replay window (64 packets by default on IOS and IOS XE) anchored at the highest sequence number seen so far. A packet whose sequence number is already marked in the window is a duplicate and is dropped; a packet whose sequence number falls below the bottom edge of the window is also dropped, because the receiver can no longer tell whether it is a replay. So if you know that these packets are legitimate packets from your VPN endpoints, the message means that something between the two peers is reordering the packets by more than the window can absorb, and the late arrivals are being dropped on the receiving end. Typical causes are QoS queuing inside the tunnel (for example a priority queue that lets voice overtake bulk data after encryption) or per-packet load balancing across paths with different latency. If you cannot account for the reordering, treat the counter as a possible replay attempt rather than widening the window blindly.

To overcome this, increase the IPsec anti-replay window on the receiving router (on both routers if traffic is bidirectional). The following global command does it for all SAs; the equivalent per-crypto-map form is set security-association replay window-size:

crypto ipsec security-association replay window-size 1024

The new size is applied to SAs created after the change, so either wait for the next rekey or clear the existing SAs with clear crypto sa. Verify on the affected SA with show crypto ipsec sa, which reports whether replay detection is in effect, and watch the REPLAY_ERROR counter afterwards. Widening the window does not accept duplicates within the window; it only tolerates more reordering. Disabling anti-replay entirely (crypto ipsec security-association replay disable) removes the protection altogether and should not be used as a fix.
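To see why a 64-packet window drops a late packet that a 1024-packet window would accept, here is a small simulation of the receiver's sliding anti-replay window. This is an added example, not code from the post or from Cisco; the bitmap logic follows the sliding-window scheme described in RFC 4303 Appendix A, and the packet arrival orders are constructed inline to stand in for traffic on an SA. Window sizes, the class name AntiReplayWindow and the helper names are assumptions for illustration.

```python
"""Simulate the IPsec receiver anti-replay window (RFC 4303 Appendix A style).

Added example: it models what the router does per SA, not Cisco's code.
"""


class AntiReplayWindow:
    """Sliding window over ESP sequence numbers for one inbound IPsec SA.

    `highest` is the largest sequence number accepted so far (the right edge).
    Bit i of `bitmap` is set when sequence number (highest - i) has been received.
    """

    def __init__(self, window_size=64):
        if window_size < 1:
            raise ValueError("window size must be positive")
        self.window_size = window_size
        self.highest = 0          # ESP sequence numbers start at 1, so 0 means "none yet"
        self.bitmap = 0
        self._mask = (1 << window_size) - 1

    def check_and_update(self, seq):
        """Return True if the packet is accepted, False if it would be dropped."""
        if seq == 0:
            return False                      # sequence number 0 is never valid on the wire
        if seq > self.highest:
            # New right edge: slide the window forward and mark this packet.
            shift = seq - self.highest
            if shift >= self.window_size:
                self.bitmap = 1               # everything previously tracked falls off the left edge
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self._mask
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.window_size:
            return False                      # too old: below the window -> %IPSEC-3-REPLAY_ERROR
        if self.bitmap & (1 << diff):
            return False                      # already seen inside the window: a replay
        self.bitmap |= (1 << diff)            # late but still inside the window: accept it
        return True


def simulate(arrivals, window_size):
    """Feed an arrival order through a fresh window; return the sequence numbers dropped."""
    window = AntiReplayWindow(window_size)
    return [seq for seq in arrivals if not window.check_and_update(seq)]


def reordered_stream(count, late_seq, delay):
    """Constructed arrival order: 1..count in order, except `late_seq` arrives `delay` packets late.

    This stands in for a QoS queue or load balancer holding one packet back.
    """
    stream = list(range(1, count + 1))
    stream.remove(late_seq)
    stream.insert(late_seq - 1 + delay, late_seq)
    return stream


if __name__ == "__main__":
    # One packet delayed by 70 positions: beyond a 64-packet window, inside a 1024-packet one.
    late = reordered_stream(200, 100, 70)
    print("window 64  drops:", simulate(late, 64))     # [100]
    print("window 1024 drops:", simulate(late, 1024))  # []
    # A genuine replay (same sequence number twice) is dropped whatever the window size.
    print("replayed packet dropped:", simulate([1, 2, 3, 2], 1024))  # [2]
```

Running it shows the point of the fix: the delayed packet is dropped only when the delay exceeds the window, while a replayed packet is still rejected with the larger window, so widening it trades a little memory for tolerance of reordering without giving up replay detection inside the window.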


Cisco Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dplane/configuration/15-mt/sec-ipsec-data-plane-15-mt-book/sec-ipsec-antireplay.pdf