ipsec global mtu-check enable

Function

The ipsec global mtu-check enable command enables the MTU check function for packets on an IPsec tunnel.

The undo ipsec global mtu-check enable command disables the MTU check function for packets on an IPsec tunnel.

By default, the MTU check function is not enabled for packets on an IPsec tunnel.

This command is supported only on the NetEngine 8000 F1A.

Format

ipsec global mtu-check enable

undo ipsec global mtu-check enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name    Operations
ike          write

Usage Guidelines

After the MTU check function is enabled for packets on an IPsec tunnel, each IP packet that enters the tunnel with the DF (Don't Fragment) bit set to 1 in its IP header is checked against the MTU. If the packet exceeds the configured threshold, it is dropped and an ICMP error packet is returned.
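The decision described above, sketched in Python as an added example (not Huawei code, and not part of the original page). It assumes the check compares the IPv4 Total Length field with the threshold and that the ICMP error is Destination Unreachable, type 3 code 4 ("fragmentation needed and DF set") in the RFC 1191 layout; the function names, addresses and the threshold of 1400 are constructed for illustration.

```python
import struct

DF_FLAG = 0x4000  # Don't Fragment bit in the IPv4 flags/fragment-offset field


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(total_len: int, df: bool) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header plus zero padding."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, DF_FLAG if df else 0,
                      64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1]))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + bytes(total_len - 20)


def mtu_check(packet: bytes, threshold: int):
    """Return ("forward", None) or ("drop", icmp_message)."""
    ver_ihl, _, total_len, _, flags_frag = struct.unpack("!BBHHH", packet[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if not flags_frag & DF_FLAG or total_len <= threshold:
        return "forward", None
    # Assumed error format: ICMP type 3, code 4, next-hop MTU in bytes 6-7,
    # followed by the offending IP header and its first 8 payload bytes.
    ihl = (ver_ihl & 0x0F) * 4
    quoted = packet[:ihl + 8]
    body = struct.pack("!BBHHH", 3, 4, 0, 0, threshold) + quoted
    icmp = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return "drop", icmp


if __name__ == "__main__":
    for length, df in [(1500, True), (1500, False), (1400, True)]:
        print(length, df, mtu_check(build_ipv4(length, df), 1400)[0])
```

If ICMP error packets of this kind are filtered on the return path, senders that set DF never learn the smaller MTU and their large packets are silently lost, so the returned error needs to be permitted through intermediate filters.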

Example

# Enable the MTU check function for packets on an IPsec tunnel.
<HUAWEI> system-view
[~HUAWEI] ipsec global mtu-check enable
Copyright © Huawei Technologies Co., Ltd.