Last Modified: Dec 05, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4
Fixed In:
17.1.2
Opened: May 23, 2024
Severity: 3-Major
If an IPsec tunnel is deleted, the remote peer is not informed of the deletion, and the Security Associations (SAs) that should have been invalidated remain valid on the peer.
Multiple SAs will be present on the remote peer for some time.
- Create an IPsec interface mode tunnel.
- Establish the tunnel.
- Change the configuration so that the tunnel is recreated.
- Check on the remote peer. The SAs are not deleted immediately.
The old SAs can be manually deleted on the peer device.
The BIG-IP will send a delete message to inform the remote peer about deleted SAs.