Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
291
Views
0
Helpful
1
Replies

Cannot set DF-bit globally

d8k2s9g2k
Level 1
Level 1

‎05-08-2007 09:00 AM - edited ‎03-09-2019 05:56 PM

I have a asa5510 and when I scp from the VPN client to an inside server the transfer starts and slowly drops in speed until I see a stalled message.

Everywhere I read suggests it is the df-bit problem. I tried to set the df-bit to clear globally with:

crypto ipsec df-bit clear

However, the asa5510 v7.1(2) software apparently requires an interface spec so I have to do a:

crypto ipsec df-bit clear outside

I have to do this on all the interfaces. Is there a way to do this globally AND is this really my problem?

Thnx,

-Rick

Labels:
0 Helpful
1 Reply 1

carenas123
Level 5
Level 5

‎05-14-2007 10:30 AM

The problem may be due to high fragmentation. To fix the fragmentation issue, configure a class-map and add it to the MPF global-policy to allow packets with a larger MSS from that server.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents