IKEv2 message fragmentation

Large IKEv2 messages (such as authentication exchanges that contain multiple certificates) are fragmented; each message fragment is encrypted and authenticated before being transmitted. On the receiver, the message fragments are verified, decrypted, and merged into the original message. Message fragmentation, as described in RFC 7383, Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation, allows IKEv2 to operate in environments where IP fragments might be blocked and VPN peers would not be able to establish an IPsec security association. IKEv2 message fragmentation is enabled by default on SRX Series devices for IPv4 and IPv6 messages. You can disable fragmentation and, optionally, configure the maximum message size with the fragmentation statement at the [edit security ike gateway gateway-name] hierarchy level.
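
The receiver-side handling described above (verify each fragment, then merge) can be sketched as follows. This is an added example, not Juniper code: it follows the receiver checks in RFC 7383, uses a truncated HMAC-SHA256 as a stand-in for the negotiated IKE SA integrity check, and omits encryption. The packet layout, key and names (make_fragment, split_message, Reassembler) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-integrity-key"  # constructed; stands in for the SA's keys


def make_fragment(msg_id, num, total, chunk, key=KEY):
    """Sender side: Message ID, Fragment Number, Total Fragments, data, then ICV."""
    body = struct.pack("!IHH", msg_id, num, total) + chunk
    return body + hmac.new(key, body, hashlib.sha256).digest()[:16]


def split_message(msg_id, message, size):
    """Cut a message into authenticated fragments, numbered from 1."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [make_fragment(msg_id, n, len(chunks), c) for n, c in enumerate(chunks, 1)]


class Reassembler:
    def __init__(self, key=KEY):
        self.key, self.queues = key, {}  # msg_id -> (total, {num: chunk})

    def receive(self, packet):
        """Return the merged message once complete, else None (drops are silent)."""
        if len(packet) < 8 + 16:
            return None
        body, icv = packet[:-16], packet[-16:]
        msg_id, num, total = struct.unpack("!IHH", body[:8])
        if num == 0 or total == 0 or num > total:
            return None  # invalid fragment fields
        stored_total, frags = self.queues.get(msg_id, (total, {}))
        if total < stored_total or (total == stored_total and num in frags):
            return None  # stale fragment set, or a replayed fragment
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(icv, expected):
            return None  # authenticate before anything is stored
        if total > stored_total:
            frags = {}  # peer re-sent with smaller fragments: start over
        frags[num] = body[8:]
        if len(frags) < total:
            self.queues[msg_id] = (total, frags)
            return None
        self.queues.pop(msg_id, None)
        return b"".join(frags[n] for n in range(1, total + 1))
```

A production receiver also expires incomplete queues and relies on the IKE Message ID window to reject fragments of messages it has already completed; this sketch leaves both out.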

| Product / Application | Software | Introduced Release |
|---|---|---|
| vSRX | Junos OS | 15.1X49-D80 |
| SRX300 | Junos OS | 15.1X49-D80 |
| SRX320 | Junos OS | 15.1X49-D80 |
| SRX340 | Junos OS | 15.1X49-D80 |
| SRX345 | Junos OS | 15.1X49-D80 |
| SRX380 | Junos OS | 20.1R1 |
| SRX550 HM | Junos OS | 15.1X49-D80 |
| SRX1500 | Junos OS | 15.1X49-D80 |
| SRX1600 | Junos OS | 23.4R1 |
| SRX2300 | Junos OS | 23.4R1 |
| SRX4100 | Junos OS | 15.1X49-D80 |
| SRX4120 | Junos OS | 25.2R1 |
| SRX4200 | Junos OS | 15.1X49-D80 |
| SRX4300 | Junos OS | 24.2R1 |
| SRX4600 | Junos OS | 17.4R2 |
| SRX4700 | Junos OS | 24.4R1-S2 |
| SRX5400 | Junos OS | 15.1X49-D80 |
| SRX5600 | Junos OS | 15.1X49-D80 |
| SRX5800 | Junos OS | 15.1X49-D80 |