Solved: Re: Clear Don't Fragment Bit - PIX

hyattc256 · ‎12-14-2006

I realize that IOS has the ability to clear the df-bit but does the PIX have that same functionality? I'm currently working with a Netscreen peer who has a much larger pool of 'tweaks' available to him than I am noticing on my PIX 535 with PIX OS 7.2. My issues are with anti-replay and I cannot even disable the anti-replay feature without disabling IKE, and we cannot configure all of our VPN peers manually.

My basic question is if clearing the df-bit is possible on the PIX?

Thank you all for looking/responding.

ajagadee · ‎12-14-2006

Chris,

Yes, it is possible to clear the df bit on the Pix for IPSEC Tunnel in version 7.2.

The command is:

crypto ipsec df-bit

Please refer the below URL for details:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/c5_711.htm#wp2064176

Regards,

Arul

** Please rate all helpful posts **

View solution in original post

ajagadee · ‎12-14-2006