Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


clear-dont-fragment-bit (Services IPsec VPN)


Hierarchy Level


Clear the do not fragment (DF) bit on all IP version 4 (IPv4) packets entering the IPsec tunnel. If the encapsulated packet size exceeds the tunnel maximum transmission unit (MTU), the packet is fragmented before encapsulation.

By default, this statement is disabled (the DF bit value is not cleared on the inner header and outer header by default).

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.