Last Modified: Feb 07, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1
Fixed In:
17.1.0, 17.0.0, 16.1.2.2
Opened: Nov 10, 2021 Severity: 3-Major
Tunnel establishment fails when an IPv6 DNS IP address is provided in the IKE_AUTH payload. As per RFC it should be 16 octets, but BIG-IP sends 17 octets(that is, it tries to provide the subnet info also).
Tunnel will not establish.
Initiator requests an IPv6 DNS IP during tunnel negotiation.
None
The INTERNAL_IP6_DNS payload is now filled with only the IPv6 address (the subnet is excluded).