During IKEv2 negotiation, if the length of an encrypted IKEv2 packet exceeds the MTU of the outbound interface of the device, the device fragments the IKEv2 packet for transmission. However, some network devices (such as firewalls and NAT devices) do not permit UDP fragments because of attack defense. As a result, IKEv 2 fragments are discarded and IKEv2 negotiation between the IKE peers fails. In this case, you need to configure IKEv2 packet fragmentation so that the IKEv2 packet longer than the MTU specified by mtu-size is fragmented before being encrypted. This configuration prevents the encrypted IKEv2 packet from being fragmented before transmission.
The system view is displayed.
The IKE peer view is displayed.
IKEv2 packet fragmentation is enabled.
By default, IKEv2 packet fragmentation is disabled.
IKEv2 packet fragmentation must be enabled on both ends. Otherwise, this function does not take effect.