Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ipsec and IP fragment

Hi,

I know that if a packet is too large, the Cisco router can fragment some packets (if DF bit not set) before encrypting them and encapsulating them in ipsec.

However, is the actual IPSEC packet sent by the router setting the DF bit in the IP outer IP layer header ? I.e. Can the IPSEC packets themselves be fragmented ?

Thanks

1 REPLY
Community Member

Re: ipsec and IP fragment

ok. found the answer to this one...IPSEC packets from Cisco routers always have the DF bit cleared.

192
Views
0
Helpful
1
Replies
CreatePlease to create content