Configuring The Df Bit For The Encapsulating Header In Ipsec Tunnels - Cisco IOS XR Configuration Manual

How to Implement General IPSec Configurations for IPSec Networks
Command or Action
Step 17
show crypto ipsec sa [sa-id | peer ip-address |
profile profile-name | detail | fvrf fvrf-name
| ivrf ivrf-name | location location ]
Example:
RP/0/0/CPU0:router# show crypto ipsec sa peer
172.19.72.120
Step 18
show crypto ipsec summary
Example:
RP/0/0/CPU0:router# show crypto ipsec summary

Configuring the DF Bit for the Encapsulating Header in IPSec Tunnels

This task configures the DF bit for the encapsulating header in IPSec tunnels. The DF bit configuration
is also specified for both service-ipsec and service-gre interfaces.
This IPSec feature is supported only on the Cisco IPSec VPN SPA.
Note
SUMMARY STEPS
1.
2.
3.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/0/CPU0:router# configure
Step 2
crypto ipsec df-bit {clear | set | copy}
Example:
RP/0/0/CPU0:router(config)# crypto ipsec df-bit
clear
or
Cisco IOS XR System Security Configuration Guide
SC-114
configure
crypto ipsec df-bit {clear | set | copy}
end
or
commit
Implementing IPSec Network Security on Cisco IOS XR Software
Purpose
(Optional) Displays SA information based on the
rack/slot/instance location.
Use the optional detail keyword to display additional
•
dynamic SA information. The detail keyword is used
only for software-based SAs. SAs that are configured
under the tunnel-ipsec interface or crypto transport.
(Optional) Displays IPSec summary information.
Purpose
Enters global configuration mode.
Sets the DF bit for the encapsulating header in IPSec
tunnels to all interfaces. You must specify at least
one option for the crypto ipsec df-bit command. If
no global setting is set, the default value is set to
clear.