Hi,
I know that if a packet is too large, the Cisco router can fragment some packets (if DF bit not set) before encrypting them and encapsulating them in ipsec.
However, is the actual IPSEC packet sent by the router setting the DF bit in the IP outer IP layer header ? I.e. Can the IPSEC packets themselves be fragmented ?
Thanks