Last Modified: Nov 05, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
17.1.3, 17.5.1, 17.5.1.2, 17.5.1.3
Fixed In:
21.0.0
Opened: Sep 04, 2025
Severity: 2-Critical
When the Access policy is configured in a route domain using the "Route Domain and SNAT Selection" agent, or when a virtual server is configured in any route domain, a VPN connection may fail with the error: "iSession: Connection error: isession_handle_syn:3740: No peer:4". This issue is applicable only to Windows-based Edge clients and Browser clients.
VPN connection may fail
1. A Windows client is used.
2. The Access policy is configured in a route domain, or a route domain is configured on the virtual server.
3. The user tries to establish a VPN connection.
Any of the following workarounds can be applied:
-- Configure the route domain with the default route domain as its parent. In some cases, it may also be necessary to disable "strict isolation" in addition to setting the parent to the default route domain.
-- Disable IPv6 using "tmsh modify sys db ipv6.enabled value false"
-- Run "tmsh modify sys db isession.ctrl.apm value disable"
The VPN connection should be established when the APM access policy is configured with a route domain.