Cisco Cisco ASR 5700
Crypto Map IKEv2-IPv4 Configuration Mode Commands
▀ control-dont-fragment
▄ Command Line Interface Reference, StarOS Release 17
2880
control-dont-fragment
Controls the Don’t Fragment (DF) bit in the outer IP header of the IPSec tunnel data packet.
Product
ePDG
FA
GGSN
HA
HeNBGW
HNBGW
HSGW
MME
P-GW
PDSN
S-GW
SAEGW
SCM
SecGW
SGSN
Privilege
Security Administrator
Syntax
control-dont-fragment { clear-bit | copy-bit | set-bit }
clear-bit
Clears the DF bit from the outer IP header (sets it to 0).
copy-bit
Copies the DF bit from the inner IP header to the outer IP header. This is the default action.
set-bit
Sets the DF bit in the outer IP header (sets it to 1).
Usage
A packet is encapsulated in IPsec headers at both ends. The new packet can copy the DF bit from the original
unencapsulated packet into the outer IP header, or it can set the DF bit if there is not one in the original
packet. It can also clear a DF bit that it does not need.
unencapsulated packet into the outer IP header, or it can set the DF bit if there is not one in the original
packet. It can also clear a DF bit that it does not need.
Example
The following command sets the DF bit in the outer IP header: