[an error occurred while processing this directive][an error occurred while processing this directive]

clear-dont-fragment-bit

Syntax

clear-dont-fragment-bit;

Hierarchy Level

[edit services service-set service-set-name ipsec-vpn-options]

Release Information

Statement introduced in JUNOS Release 10.0.

Description

Clear the Don’t Fragment (DF) bit on all IP version 4 (IPv4) packets entering the IPsec tunnel. If the encapsulated packet size exceeds the tunnel maximum transmission unit (MTU), the packet is fragmented before encapsulation. This statement is useful for dynamic endpoint tunnels, for which you cannot configure the clear-dont-fragment-bit statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level.

For static IPsec tunnels, setting this statement clears the DF bit on packets entering all the static tunnels within this service set. If you want to clear the DF bit on packets entering a specific tunnel, set the clear-dont-fragment-bit statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level.

Usage Guidelines

See Configuring IPsec Service Sets or Configuring IPsec Rules.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.


Published: 2010-04-28

[an error occurred while processing this directive]