
ChriFrie
New Contributor

500D w/ NP6 IPSec offloading (or not)

Hey,

I'm trying to enable np6 offloading of ipsec traffic on a set of 500D routers. But, for some reason, after setting what appear to be the correct settings and verifying it isn't disabled anywhere, it isn't offloading.  All I can think of is there is some case preventing offloading that I am missing.

I'm hoping someone will see something that I'm missing.  Here are the basic settings:

config system npu
  set enc-offload-antireplay enable
  set dec-offload-antireplay enable
  set offload-ipsec-host enable
end

config vpn ipsec phase1-interface
  edit "GW-"
    set interface "wan1"
    set ike-version 2
    set local-gw 
    set proposal 3des-sha1 aes128-sha1
    set remote-gw 
    set psksecret ENC
  next
end

config vpn ipsec phase2-interface
  edit "GW-"
    set phase1name "GW-"
    set proposal 3des-sha1 aes128-sha1
    set keepalive enable
    set auto-negotiate enable
    set src-addr-type name
    set dst-addr-type name
    set src-name "all"
    set dst-name "all"
  next
end

Proof that it doesn't appear to be offloading.

di vpn ipsec status
All ipsec crypto devices in use:
NP6_0
null: 0 0
des: 0 0
3des: 0 0
aes: 0 0
aria: 0 0
seed: 0 0
null: 0 0
md5: 0 0
sha1: 0 0
sha256: 0 0
sha384: 0 0
sha512: 0 0
CP8:
null: 0 0
des: 0 0
3des: 20537285 20684867
aes: 1265609022 1284979222
aria: 0 0
seed: 0 0
null: 0 0
md5: 0 0
sha1: 1286148168 1305664053
sha256: 0 0
sha384: 0 0
sha512: 0 0

Any suggestions would be greatly appreciated.

Thanks,

Chris
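
A small parser for the status output quoted in the post above, added here as an example (not part of the original post and not Fortinet code): it reports which crypto device shows non-zero counters. The sample is a constructed, shortened copy of the post's output; the function names and the "NP" name-prefix check are assumptions.

```python
import re

# Constructed sample in the format of the `di vpn ipsec status` output
# quoted in the post (shortened to a few rows per device).
SAMPLE = """\
All ipsec crypto devices in use:
NP6_0
null: 0 0
3des: 0 0
aes: 0 0
null: 0 0
sha1: 0 0
CP8:
null: 0 0
3des: 20537285 20684867
aes: 1265609022 1284979222
null: 0 0
sha1: 1286148168 1305664053
"""

# "<algorithm>: <counter> <counter>" rows, and single-token device headers.
COUNTER = re.compile(r"^\s*([A-Za-z0-9]+):\s+(\d+)\s+(\d+)\s*$")
DEVICE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9_]*):?\s*$")

def parse_status(text):
    """Return {device: [(algorithm, counter1, counter2), ...]}.

    Rows are kept as a list because "null" appears twice per device
    (once in the cipher group, once in the digest group).
    """
    devices, current = {}, None
    for line in text.splitlines():
        m = COUNTER.match(line)
        if m and current is not None:
            devices[current].append((m.group(1), int(m.group(2)), int(m.group(3))))
            continue
        m = DEVICE.match(line)
        if m:
            current = m.group(1)
            devices[current] = []
    return devices

def offload_verdict(text, npu_prefix="NP"):
    """Summarise which devices have any non-zero counter."""
    devices = parse_status(text)
    busy = [d for d, rows in devices.items() if any(a or b for _, a, b in rows)]
    npu_busy = [d for d in busy if d.startswith(npu_prefix)]  # assumed naming
    return {"devices": sorted(devices), "busy": busy, "npu_offloading": bool(npu_busy)}

if __name__ == "__main__":
    print(offload_verdict(SAMPLE))
```
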
