Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
0
Replies

Is DF bit copied to the outside header in the GRE over IPsec with ESP transport mode?

Difan Zhao
Level 5
Level 5

‎09-30-2019 02:50 PM

I always have an impression that, with the default config, the original IP header's DF bit is not copied over to the GRE IP header. Is it not correct? The IPSec ESP transport mode should not change it either because it just re-uses the GRE IP headers. Let me know if my understanding is correct or not.

In my environment with DMVPN setup with ASR and ISR, however, I see that the DF bit is being copied to the outer header. I have confirmed that I don't have "tunnel path-mtu-discovery" on the tunnel interface. I also don't have "crypto ipsec df-bit copy" configured, even though I know that it is only for the tunnel mode. 

Any explanation? 

Thanks

Difan

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card