To enable fragmentation of IP version 4 (IPv4) packets in IPSec tunnels, include the clear-dont-fragment-bit statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level:
clear-dont-fragment-bit;
Setting the clear-dont-fragment-bit statement clears the Don’t Fragment (DF) bit in the packet header, regardless of the packet size. If the packet size exceeds the tunnel maximum transmission unit (MTU) value, the packet is fragmented before encapsulation. For IPSec tunnels, the default MTU value is 1500 regardless of the interface MTU setting.
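The behavior described above, modeled as an added example (not Junos code or output): the DF bit is cleared whatever the packet size, and a packet larger than the tunnel MTU is split into IPv4 fragments before it would be encapsulated. The function names, the sample packet and the restriction to option-less 20-byte headers are assumptions of this sketch.

```python
import struct

DF, MF = 0x4000, 0x2000   # flag bits in the 16-bit flags/fragment-offset field
TUNNEL_MTU = 1500         # default IPSec tunnel MTU stated above

def checksum(hdr: bytes) -> int:
    """Ones'-complement checksum over a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def header(template: bytes, total_len: int, flags_frag: int) -> bytes:
    """Copy a 20-byte header with a new length, flags/offset and checksum."""
    hdr = (template[:2] + struct.pack("!H", total_len) + template[4:6]
           + struct.pack("!H", flags_frag) + template[8:10] + b"\x00\x00"
           + template[12:20])
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def clear_df_and_fragment(packet: bytes, mtu: int = TUNNEL_MTU) -> list:
    if packet[0] != 0x45:
        raise ValueError("model handles IPv4 headers without options only")
    # DF is cleared regardless of packet size.
    flags_frag = struct.unpack("!H", packet[6:8])[0] & ~DF & 0xFFFF
    payload = packet[20:]
    if len(packet) <= mtu:
        return [header(packet, len(packet), flags_frag) + payload]
    base, more = flags_frag & 0x1FFF, flags_frag & MF
    step = (mtu - 20) // 8 * 8    # fragment payloads are multiples of 8 bytes
    frags = []
    for off in range(0, len(payload), step):
        chunk = payload[off:off + step]
        last = off + step >= len(payload)
        ff = (base + off // 8) | (more if last else MF)
        frags.append(header(packet, 20 + len(chunk), ff) + chunk)
    return frags

def sample_packet(payload_len: int) -> bytes:
    """Constructed packet: protocol 17, documentation addresses, DF set."""
    tmpl = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0x1234, DF, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header(tmpl, 20 + payload_len, DF) + bytes(payload_len)
```

With the default MTU of 1500, a 3000-byte packet yields fragments of 1500, 1500 and 40 bytes, while a packet at or below the MTU passes through whole with only the DF bit and checksum changed.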