passive-mode-tunneling (MX-SPC3 Services Card)
Syntax
passive-mode-tunneling;
Hierarchy Level
[edit security ipsec vpn vpn-name]
Description
Allows tunneling of malformed packets. By default this feature is disabled. Starting in Junos OS Release 23.1R1, passive mode tunneling is supported on MX-SPC3 services card. When you enable this statement –
-
Traffic bypasses the usual active IP checks.
-
There is no effect on the TTL value (decrement) as IPsec tunnel is not treated as the next hop.
-
Even if the packet size exceeds the tunnel MTU value, it doesn't generate ICMP error message.
Ensure to configure passive-monitor-mode before enabling
passive-mode-tunneling
option so that malformed
packets can reach the MX-SPC3 services card from the Packet Forwarding
Engine (PFE). See passive-monitor-mode.
Options
No specific options are needed. By default its disabled. If the statement is configured, its enabled.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 23.1R1 on MX-SPC3 services card.