Filter
Top Products
34-17
Cisco ASDM User Guide
OL-16647-01
Chapter 34 IKE
IPsec
Fields
• Pre-Fragmentation—Shows the current pre-fragmentation configuration for every configured
interface.
–
Interface—Shows the name of each configured interface.
–
Pre-Fragmentation Enabled—Shows, for each interface, whether pre-fragmentation is
enabled.
–
DF Bit Policy—Shows the DF Bit Policy for each interface.
• Edit—Displays the Edit IPsec Pre-Fragmentation Policy dialog box.
Modes
The following table shows the modes in which this feature is available:
Edit IPsec Pre-Fragmentation Policy
Use this panel to modify an existing IPsec pre-fragmentation policy and do-not-fragment (DF) bit policy
for an interface selected on the parent panel, Configuration > VPN > IPsec > Pre-Fragmentation
Fields
• Interface—Identifies the selected interface. You cannot change this parameter using this dialog
box.
• Enable IPsec pre-fragmentation—Enables or disables IPsec pre-fragmentation. The security
appliance fragments tunneled packets that exceed the MTU setting before encapsulating them. If the
DF bit on these packets is set, the security appliance clears the DF bit, fragments the packets, and
then encapsulates them. This action creates two independent, non-fragmented IP packets leaving the
public interface and successfully transmits these packets to the peer site by turning the fragments
into complete packets to be reassembled at the peer site.
• DF Bit Setting Policy—Selects the do-not-fragment bit policy: Copy, Clear, or Set.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——