Exam 300-410 topic 1 question 330 discussion

C. Is used to help in the overall IPsec throughput since the end host is able to avoid packet reassembly after packet decryption. Correct: Pre-fragmentation (or Look-Ahead Fragmentation) helps improve IPsec throughput by ensuring that packets are fragmented before they are encrypted. This reduces the need for reassembly at the end host after decryption, leading to better performance and efficiency. E. Does not support Path MTU Discovery Correct: IPsec pre-fragmentation does not support Path MTU Discovery (PMTUD). PMTUD is used to discover the maximum packet size that can be transmitted without fragmentation, but pre-fragmentation is a different approach that works around the MTU issue by fragmenting packets before encryption.

A & C are correct

A, C is correct. https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/www.cisco.com/content/en/us/td/docs/interfaces_modules/shared_port_adapters/configuration/6500series/sipspasw/76cfvpnb.html.xml

A and C is correct I checked cisco documents.

Correct! https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dplane/configuration/xe-16-10/sec-ipsec-data-plane-xe-16-10-book/sec-pre-frag-vpns.html Restrictions for Pre-Fragmentation for IPsec VPNs Take the following information into consideration before this feature is configured: Pre-fragmentation for IPsec VPNs operates in IPsec tunnel mode and IPsec tunnel mode with GRE, but not with IPsec transport mode. Pre-fragmentation for IPsec VPNs configured on the decrypting router in a unidirectional traffic scenario does not improve the performance or change the behavior of either of the peers. Pre-fragmentation for IPsec VPNs occurs before the transform is applied if compression is turned on for outgoing packets. Pre-fragmentation for IPsec VPNs functionality depends on the egress interface crypto ipsec df-bit configuration and the incoming packet “do not fragment” (DF) bit state. See the table below.