Last Modified: May 29, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1
Fixed In:
16.1.0, 15.1.4
Opened: Dec 04, 2020 Severity: 3-Major
IPsec tunnel initially works until the IPsec (ESP) SA is re-negotiated.
IPsec tunnel suddenly stops forwarding packets across the tunnel
-- IKEv2 -- IPsec tunnel uses interface mode ipsec-policy -- IPsec SAs are re-negotiated, for example after the SA lifetime expires -- Traffic selector narrowing occurs due to the BIG-IP and remote peer having different selectors configured
-- Configure the traffic-selectors to be identical on both the BIG-IP and remote IPsec peer.
IPsec tunnel forwards packets after IPsec SAs are re-established.