Last Modified: May 29, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2
Fixed In:
16.1.0, 15.1.4, 14.1.4.4
Opened: Apr 13, 2020
Severity: 4-Minor
Symptoms:
IPsec debug-level logging does not provide encryption and authentication key information for IKEv1 IKE negotiation. IPsec vendors commonly log this information so that network administrators can decrypt failing ISAKMP exchanges.
Impact:
Without the encryption and authentication key information, an ISAKMP negotiation cannot be inspected when troubleshooting tunnel negotiation.
Conditions:
-- The BIG-IP system has an IPsec IKEv2 tunnel configured.
-- Debug-level logging is enabled.
Workaround:
None, although the remote peer may log this information.
Fix Information:
Added sys db variable 'ipsec.debug.logsk' to enable logging of IKE SA keys.