12-14-2006 10:06 AM - edited 02-21-2020 01:21 AM
I realize that IOS has the ability to clear the df-bit but does the PIX have that same functionality? I'm currently working with a Netscreen peer who has a much larger pool of 'tweaks' available to him than I am noticing on my PIX 535 with PIX OS 7.2. My issues are with anti-replay and I cannot even disable the anti-replay feature without disabling IKE, and we cannot configure all of our VPN peers manually.
My basic question is if clearing the df-bit is possible on the PIX?
Thank you all for looking/responding.
Solved! Go to Solution.
12-14-2006 12:45 PM
Chris,
Yes, it is possible to clear the df bit on the Pix for IPSEC Tunnel in version 7.2.
The command is:
crypto ipsec df-bit
Please refer the below URL for details:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/c5_711.htm#wp2064176
Regards,
Arul
** Please rate all helpful posts **
12-14-2006 12:45 PM
Chris,
Yes, it is possible to clear the df bit on the Pix for IPSEC Tunnel in version 7.2.
The command is:
crypto ipsec df-bit
Please refer the below URL for details:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/c5_711.htm#wp2064176
Regards,
Arul
** Please rate all helpful posts **
12-15-2006 03:55 AM
Thank you, I guess I've been too focused on troubleshooting and overlooked this. I appreciate the extra brain and set of eyes on this one.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide