EasyManuals Logo

Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

Cisco 5510 - ASA SSL / IPsec VPN Edition
1822 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1297 background imageLoading...
Page #1297 background image
63-17
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 63 Configuring IKE, Load Balancing, and NAC
Configuring IPsec
Note Changing the MTU or the pre-fragmentation option on any interface tears down all existing connections.
For example, if 100 active tunnels terminate on the public interface, and you change the MTU or the
pre-fragmentation option on the external interface, all of the active tunnels on the public interface are
dropped.
Fields
• Pre-Fragmentation—Shows the current pre-fragmentation configuration for every configured
interface.
–
Interface—Shows the name of each configured interface.
–
Pre-Fragmentation Enabled—Shows, for each interface, whether pre-fragmentation is
enabled.
–
DF Bit Policy—Shows the DF Bit Policy for each interface.
• Edit—Displays the Edit IPsec Pre-Fragmentation Policy dialog box.
Modes
The following table shows the modes in which this feature is available:
Edit IPsec Pre-Fragmentation Policy
Use this pane to modify an existing IPsec pre-fragmentation policy and do-not-fragment (DF) bit policy
for an interface selected on the parent pane, Configuration > VPN > IPsec > Pre-Fragmentation
Fields
• Interface—Identifies the chosen interface. You cannot change this parameter using this dialog box.
• Enable IPsec pre-fragmentation—Enables or disables IPsec pre-fragmentation. The adaptive
security appliance fragments tunneled packets that exceed the MTU setting before encapsulating
them. If the DF bit on these packets is set, the adaptive security appliance clears the DF bit,
fragments the packets, and then encapsulates them. This action creates two independent,
non-fragmented IP packets leaving the public interface and successfully transmits these packets to
the peer site by turning the fragments into complete packets to be reassembled at the peer site.
• DF Bit Setting Policy—Choose the do-not-fragment bit policy: Copy, Clear, or Set.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals