Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA, IPSec pre-fragmentation

We have an site-to-site IPSec-VPN with an external company. This company use rdp to manage their server in our LAN. Suddenly rdp did not function. After I choose the feature IPSec Prefragmentation Policy and set the DF Bit Policy from copy to clear it works again good. What does this option do?

I think the problem started with update WINDOWS2003 MS05-19.

1 REPLY
Anonymous
N/A

Re: ASA, IPSec pre-fragmentation

Sometimes larger packets needs to be fragmented before being transmitted. DF(Dont Fragment) option in the ip packet from the client prevents this fragmentation. When you set clear DF bit, ASA automatically clear this DF bit if the size of the packet is larger than the capacity.

1500
Views
0
Helpful
1
Replies
CreatePlease to create content