PrepAway - Latest Free Exam Questions & Answers

Which command is used to help avoid TCP Fragmentation when configuringIPSecon a NetScreendevice?

Which command is used to help avoid TCP Fragmentation when configuringIPSecon a NetScreendevice?

PrepAway - Latest Free Exam Questions & Answers

A.
set flow

B.
settcp-mss flow

C.
set flowtcp-mss

D.
set mss-flow size

Explanation:

It is possible that phase 2 of Internet Key Exchange (IKE) is failing because of a fragmentation issue. When IKE phase 2negotiationis encrypted, an additionalIPSecheader is added which can result in a large packet. Depending on the media types between the two IKE gateways, it is possible that a link may have an MTU setting smaller than the IKE phase 2 packetsize. WorkaroundSet the Maximum Segment Size (MSS) for all traffic passing through a tunnel. To set the MSS to 1400 bytes (recommended), from the CLI, issue the command:
setflowtcp-mss 1400 [Enter]
http://2550.support.netscreen.safeharbor.com/knowbase/root/public/nskb1474.htm

One Comment on “Which command is used to help avoid TCP Fragmentation when configuringIPSecon a NetScreendevice?


Leave a Reply