Nortel 4134 Guia Do Utilizador
164
IPsec VPN configuration
The DF bit value for an interface can be set, copy, or clear. If the DF bit
value is configured as
value is configured as
set
for an interface, it forces PMTU discovery
regardless of the value of the DF bit value in the clear packet. If the DF bit
value is configured as
value is configured as
copy
, this enables PMTU only when the clear packet
is generated with the DF bit set. If the DF bit value is configured as
clear
,
PMTU is not enabled.
Procedure steps
Step
Action
1
To enter the configuration mode, enter:
configure terminal
2
To specify crypto configuration for IPsec and IKE, enter:
crypto
3
To configure df bit, enter:
pmtu df-bit {set | copy | clear} <if-name>
—End—
Configuring the MTU threshold value
Configure the MTU threshold value. If the MTU value received in “ICMP
PMTU” is less than the threshold, PMTU discovery is reset for that particular
SA. That is, the DF bit is cleared for the particular SA.
PMTU” is less than the threshold, PMTU discovery is reset for that particular
SA. That is, the DF bit is cleared for the particular SA.
Procedure steps
Step
Action
1
To enter the configuration mode, enter:
configure terminal
2
To specify crypto configuration for IPsec and IKE, enter:
crypto
3
To configure threshold MTU value, enter:
pmtu threshold-mtu <mtu-value>
—End—
Configuring processing of unsecured ICMP messages
Enable or disable processing of clear, unsecured ICMP messages.
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.