09-01-2004 03:22 AM
Hi!
Does anyone know about IOS routers?
If the original packet's header has the DF bit or an IP precedence value etc.,
are these fields copied to the header of the encrypted packet?
If so, is there any way to override these fields?
Regards
09-01-2004 07:10 AM
To override the DF bit you can use something like this:
! apply the policy route-map to traffic arriving on f0/0
interface f0/0
 ip policy route-map clear-df
! clear the DF bit on packets matched by access-list 101
route-map clear-df permit 10
 match ip address 101
 set ip df 0
access-list 101 permit ip 10.254.50.0 0.0.0.127 any
I presume that packets with the DF bit set will come from int f0/0.
09-01-2004 01:17 PM
As far as the DF bit goes, by default the encrypted packet copies the value into the header of the unencrypted packet. You can change this by using the following command, either in global config or under interface config for the interface that has the crypto map applied to it. The command is as follows:
crypto ipsec df-bit [ clear | set | copy ]
and, as I said, copy is the default value.
See the following link for more info:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftdfipsc.htm
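
Added example, not part of the original thread: a small Python model of how the three `crypto ipsec df-bit` keywords named above decide the DF bit of the outer header placed in front of an encrypted packet. The function names, tunnel endpoints and sample packet are constructed for illustration, and ESP overhead is left out of the outer length.

```python
import struct

DF = 0x4000  # "don't fragment" flag in the IPv4 flags/fragment-offset field

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, df):
    """Build a 20-byte IPv4 header (no options) with DF as requested."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0,
                      DF if df else 0, 64, proto, 0, bytes(src), bytes(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def df_is_set(header: bytes) -> bool:
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return bool(struct.unpack("!H", header[6:8])[0] & DF)

def outer_df(inner_header: bytes, policy: str = "copy") -> bool:
    """DF value for the outer header under clear | set | copy."""
    if policy == "clear":
        return False
    if policy == "set":
        return True
    if policy == "copy":
        return df_is_set(inner_header)
    raise ValueError(f"unknown df-bit policy: {policy!r}")

def encapsulate_header(inner_header, tun_src, tun_dst, policy="copy"):
    """Outer header for an ESP (protocol 50) packet carrying the inner one."""
    inner_len = struct.unpack("!H", inner_header[2:4])[0]
    return ipv4_header(tun_src, tun_dst, 50, inner_len,
                       outer_df(inner_header, policy))

# Constructed sample: a host in 10.254.50.0/25 sending TCP with DF set.
inner = ipv4_header([10, 254, 50, 10], [192, 0, 2, 20], 6, 100, df=True)

if __name__ == "__main__":
    for policy in ("clear", "set", "copy"):
        outer = encapsulate_header(inner, [198, 51, 100, 1],
                                   [203, 0, 113, 1], policy)
        print(f"{policy:5s} -> outer DF = {int(df_is_set(outer))}")
```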