Nortel Networks 608(WL) Network Card User Manual


 
Chapter 6
Advanced Features
E-DOC-CTC-20051017-0169 v0.1
Don’t Fragment bit [force_df]
IPSec encryption increases the packet length. When the MTU of a link is adjusted to
pass the largest IP packet unfragmented, messages encapsulated by IPSec will
not pass if the Don’t Fragment (DF) bit is set. In some cases, it may be necessary to
influence the fragmentation behaviour to remedy such problems.
The SpeedTouch™ can treat the DF bit in three different ways:
- Pass the DF bit unchanged.
- Force the DF bit to zero. With the DF bit cleared, fragmentation is allowed.
- Force the DF bit to one. With the DF bit set, fragmentation of messages is not
  allowed.
Minimal MTU [min_mtu]
This option sets the minimal negotiated value of the “Maximum Transmission Unit”
(the largest packet size). Because no value lower than this minimum is accepted,
the option protects against an attack with ICMP “fragmentation needed”
messages.
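The interaction of force_df and min_mtu described above, as an added Python model (not SpeedTouch code and not part of the manual). It assumes a fixed 56-octet encapsulation overhead and that force_df decides the DF bit of the packet after encapsulation; the function names and sample messages are constructed for illustration.

```python
import struct

ESP_OVERHEAD = 56  # assumed overhead in octets; the real figure depends on the transforms in use

def parse_frag_needed(icmp):
    """Return the next-hop MTU of an ICMP type 3 / code 4 message, else None."""
    if len(icmp) < 8:
        return None
    # RFC 1191 layout: type, code, checksum, unused, next-hop MTU (checksum not verified here)
    icmp_type, code, _cksum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    return next_hop_mtu if (icmp_type, code) == (3, 4) else None

def update_path_mtu(current, icmp, min_mtu=1000):
    """Lower the path MTU on a 'fragmentation needed' report, but never below min_mtu."""
    advertised = parse_frag_needed(icmp)
    if advertised is None or advertised >= current:
        return current  # unrelated ICMP, or a report that would not lower the MTU
    return max(advertised, min_mtu)

def outer_df(inner_df, force_df="pass"):
    """DF bit after applying force_df: pass, force_set or force_clear."""
    return {"pass": inner_df, "force_set": True, "force_clear": False}[force_df]

def forward(inner_len, inner_df, path_mtu, force_df="pass"):
    """Fate of a packet of inner_len octets once the IPSec overhead is added."""
    if inner_len + ESP_OVERHEAD <= path_mtu:
        return "sent"
    return "dropped" if outer_df(inner_df, force_df) else "fragmented"

# Constructed sample messages (8-octet ICMP headers only)
FORGED = struct.pack("!BBHHH", 3, 4, 0, 0, 68)       # claims a 68-octet path
GENUINE = struct.pack("!BBHHH", 3, 4, 0, 0, 1400)    # plausible lower-MTU hop
HOST_UNREACH = struct.pack("!BBHHH", 3, 1, 0, 0, 0)  # not a frag-needed message

if __name__ == "__main__":
    print("forged report  ->", update_path_mtu(1500, FORGED))
    print("genuine report ->", update_path_mtu(1500, GENUINE))
    for mode in ("pass", "force_set", "force_clear"):
        print(mode, "->", forward(1500, True, 1500, mode))
```

With the default min_mtu of 1000 octets, the 68-octet report is clamped to 1000, while the 1400-octet report is accepted as is.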
Add Route [add_route]
This option is relevant in routed mode only. The option determines whether or not
routes are automatically added to the routing table.
When enabled, a route to the remote red network is automatically added to the
routing table, via the Physical Interface of the peer to which the connection is
attached.
When disabled, the routing table has to be adapted manually in order to ensure IP
connectivity between the local and remote red networks.
force_df
Possible values: pass, force_set, force_clear
Default value: pass

min_mtu
Unit: octets
Default value: 1000

add_route
Possible values: enabled, disabled
Default value: enabled