Bug ID 907645: IPsec SAs may not be mirrored to HA standby

Last Modified: Apr 17, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2

Fixed In:
16.1.0

Opened: May 08, 2020

Severity: 2-Critical

Symptoms

Some IPsec Security Associations (SAs) may not be mirrored to the HA standby device.

Impact

The HA standby system is unable to take over established tunnels when HA failover happens.

Conditions

-- HA mirrored configured -- Many IPsec tunnels are established

Workaround

None

Fix Information

All IPsec SAs are mirrored to the high availability (HA) standby device.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips