IKE (IKE_AUTH) message fragmentation
The AIX® operating system supports fragmentation of IKE (IKE_AUTH) messages with Version 2 (IKEv2).
IKEv2 uses User Datagram Protocol (UDP) traffic to exchange IKE messages. Most IKE (IKE_AUTH) messages are small. If you use IKE certificates, the IKE_AUTH message might be large. As a result, the message size exceeds the maximum transmission unit (MTU), and the IP layer fragments the large message. Some routers block IP fragments and remove them from the queue, which prevents the creation of IP Security (IPsec) tunnels.
In the AIX operating system, IPsec fragments large IKE (IKE_AUTH) messages at the IKE layer when the IKE_FRAGMENTATION parameter is enabled in the /etc/isakmpd.conf file. IKEv2 fragmentation is implemented according to RFC 7383.
IKE_FRAGMENTATION = YES or NO (default NO)
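
One way to confirm from a packet capture that IKE_AUTH messages are fragmented at the IKE layer, as RFC 7383 defines, rather than by IP. This is an added example, not IBM's code; the function names and the sample datagrams are constructed here for illustration.

```python
import struct

IKE_HDR = struct.Struct("!8s8sBBBBII")  # RFC 7296 IKE header, 28 bytes
SKF_HDR = struct.Struct("!BBHHH")       # RFC 7383 Encrypted Fragment payload header
IKE_AUTH, SKF = 35, 53                  # exchange type, fragment payload type


def parse_ike_fragment(udp_payload, natt=False):
    """Return fragment fields of an IKE-fragmented IKE_AUTH message, else None."""
    data = udp_payload
    if natt:  # UDP 4500: IKE is prefixed by a 4-byte all-zero non-ESP marker
        if data[:4] != b"\x00" * 4:
            return None  # ESP-in-UDP, not IKE
        data = data[4:]
    if len(data) < IKE_HDR.size:
        raise ValueError("truncated IKE header")
    _, _, nxt, ver, exch, _, msg_id, length = IKE_HDR.unpack_from(data)
    if ver >> 4 != 2 or length != len(data):
        raise ValueError("not a well-formed IKEv2 message")
    if exch != IKE_AUTH or nxt != SKF:
        return None  # unfragmented message, or not IKE_AUTH
    if len(data) < IKE_HDR.size + SKF_HDR.size:
        raise ValueError("truncated fragment payload")
    inner, _, plen, num, total = SKF_HDR.unpack_from(data, IKE_HDR.size)
    if plen > len(data) - IKE_HDR.size or not 1 <= num <= total:
        raise ValueError("bad fragment length or numbering")
    if num > 1 and inner != 0:
        raise ValueError("Next Payload must be 0 after the first fragment")
    return {"message_id": msg_id, "number": num, "total": total, "inner": inner}


def missing_fragments(infos):
    """Fragment numbers not yet seen for one message (empty list = complete)."""
    total = max(i["total"] for i in infos)
    seen = {i["number"] for i in infos}
    return [n for n in range(1, total + 1) if n not in seen]


def sample_fragment(num, total, inner, body=b"\xaa" * 32):
    """Constructed datagram: IKE header + SKF header + opaque ciphertext."""
    skf = SKF_HDR.pack(inner, 0, SKF_HDR.size + len(body), num, total) + body
    hdr = IKE_HDR.pack(b"I" * 8, b"R" * 8, SKF, 0x20, IKE_AUTH, 0x08, 1,
                       IKE_HDR.size + len(skf))
    return hdr + skf


if __name__ == "__main__":
    frags = [parse_ike_fragment(sample_fragment(n, 3, 35 if n == 1 else 0))
             for n in (1, 3)]
    print(frags, "missing:", missing_fragments(frags))
```

A result of `None` for a large IKE_AUTH datagram means the message was sent unfragmented at the IKE layer, so any splitting on the wire is IP fragmentation.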