DFbit/IPprecedence value of the encrypted packet

y-harady
Level 1

Hi!

Does anyone know about this on an IOS router?

If the original packet's header has a DF bit or IP precedence value, etc.,

are these fields copied to the header of the encrypted packet?

If so, is there any way to override these fields?

regards

2 Replies

CSCO10456946
Level 1

To override the DF bit you can use something like this:

interface f0/0

ip policy route-map clear-df

route-map clear-df permit 10

match ip address 101

set ip df 0

access-list 101 permit ip 10.254.50.0 0.0.0.127 any

I presume that packets with the DF bit set will come from int f0/0.

msdonahue
Level 1

As far as the DF bit goes, by default the encrypted packet copies the value into the header of the unencrypted packet. You can change this by using the following command, either in global config or under interface config for the interface that has the crypto map applied to it. The command is as follows:

crypto ipsec df-bit [ clear | set | copy ]

And, as I said, copy is the default value.

See the following link for more info

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftdfipsc.htm
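An added illustration, not part of either reply and not Cisco's code: this Python example builds the outer IPv4 header of a tunnel-mode ESP packet under each of the three `crypto ipsec df-bit` options, so the effect on the DF flag can be read back from the bytes. The tunnel and destination addresses, the `esp_overhead` value and the ToS carry-over (taken from RFC 2401 tunnel mode, not confirmed for IOS in this thread) are assumptions.

```python
import socket
import struct

DF_MASK = 0x4000   # DF flag inside the 16-bit flags/fragment-offset field
ESP = 50           # IP protocol number for ESP
FMT = "!BBHHHBBH4s4s"

def checksum(header: bytes) -> int:
    """RFC 791 one's-complement header checksum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src, dst, tos, df, proto, payload_len, ttl=64) -> bytes:
    """Pack a 20-byte IPv4 header (no options) with a valid checksum."""
    fields = [0x45, tos, 20 + payload_len, 0, DF_MASK if df else 0,
              ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)

def parse_ipv4(header: bytes) -> dict:
    """Return the fields the thread asks about: DF bit and IP precedence."""
    _, tos, total_len, _, flags_frag = struct.unpack("!BBHHH", header[:8])
    return {"tos": tos, "precedence": tos >> 5,
            "df": bool(flags_frag & DF_MASK), "total_len": total_len}

def outer_header(inner: bytes, policy: str, tun_src: str, tun_dst: str,
                 esp_overhead: int = 36) -> bytes:
    """Outer header for a tunnel-mode ESP packet under clear | set | copy."""
    info = parse_ipv4(inner)
    if policy == "copy":            # the default, per the reply above
        df = info["df"]
    elif policy in ("set", "clear"):
        df = policy == "set"
    else:
        raise ValueError(f"unknown df-bit policy: {policy!r}")
    # Assumption: ToS is carried over as in RFC 2401 tunnel mode;
    # esp_overhead is a constructed figure for ESP header/IV/trailer/ICV.
    return build_ipv4(tun_src, tun_dst, info["tos"], df, ESP,
                      info["total_len"] + esp_overhead)

# Constructed sample: inner TCP packet with DF set and precedence 5 (ToS 0xA0).
INNER = build_ipv4("10.254.50.10", "192.0.2.20", 0xA0, True, 6, 1400)

if __name__ == "__main__":
    for policy in ("copy", "clear", "set"):
        outer = outer_header(INNER, policy, "198.51.100.1", "203.0.113.1")
        print(policy, parse_ipv4(outer))
```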