Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cannot set DF-bit globally

I have a asa5510 and when I scp from the VPN client to an inside server the transfer starts and slowly drops in speed until I see a stalled message.

Everywhere I read suggests it is the df-bit problem. I tried to set the df-bit to clear globally with:

crypto ipsec df-bit clear

However, the asa5510 v7.1(2) software apparently requires an interface spec so I have to do a:

crypto ipsec df-bit clear outside

I have to do this on all the interfaces. Is there a way to do this globally AND is this really my problem?

Thnx,

-Rick

1 REPLY
Silver

Re: Cannot set DF-bit globally

The problem may be due to high fragmentation. To fix the fragmentation issue, configure a class-map and add it to the MPF global-policy to allow packets with a larger MSS from that server.

117
Views
0
Helpful
1
Replies
CreatePlease login to create content