Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Clear Don't Fragment Bit - PIX

I realize that IOS has the ability to clear the df-bit but does the PIX have that same functionality? I'm currently working with a Netscreen peer who has a much larger pool of 'tweaks' available to him than I am noticing on my PIX 535 with PIX OS 7.2. My issues are with anti-replay and I cannot even disable the anti-replay feature without disabling IKE, and we cannot configure all of our VPN peers manually.

My basic question is if clearing the df-bit is possible on the PIX?

Thank you all for looking/responding.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Clear Don't Fragment Bit - PIX

Chris,

Yes, it is possible to clear the df bit on the Pix for IPSEC Tunnel in version 7.2.

The command is:

crypto ipsec df-bit

Please refer the below URL for details:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/c5_711.htm#wp2064176

Regards,

Arul

** Please rate all helpful posts **

2 REPLIES
Cisco Employee

Re: Clear Don't Fragment Bit - PIX

Chris,

Yes, it is possible to clear the df bit on the Pix for IPSEC Tunnel in version 7.2.

The command is:

crypto ipsec df-bit

Please refer the below URL for details:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/c5_711.htm#wp2064176

Regards,

Arul

** Please rate all helpful posts **

New Member

Re: Clear Don't Fragment Bit - PIX

Thank you, I guess I've been too focused on troubleshooting and overlooked this. I appreciate the extra brain and set of eyes on this one.

603
Views
0
Helpful
2
Replies
CreatePlease to create content