Enable Fragmentation Before Encryption on Fabric IPsec Gateway VM

Perform this procedure to fragment packets larger than the IPsec tunnel maximum transmission unit (MTU) before the packets are sent for encryption.

Before you begin

  • Ensure IPsec is disabled on the tunnel. The administrative state must be disabled before you can enable or disable fragmentation before encryption.

  • Configure the IPsec destination IP address or enable responder mode.

About this task

By default, fragmentation before encryption is disabled.

Procedure

  1. Enter Fabric IPsec Gateway Configuration mode:

    enable

    virtual-service WORD<1-128> console

    Note

    Note

    Type CTRL+Y to exit the console.

  2. Enable fragmentation before IPsec encryption:

    set ipsec <1-255> fragment-before-encrypt enable