Bug ID 1010245: Duplicate ipsec-sa SPI values shown by tmsh command

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Fixed In:

Opened: Apr 08, 2021

Severity: 3-Major


A tmsh command which shows ipsec-sa instances can display the 32-bit SPI more than once for the same security association (SA) but in different tmm instances.


The duplicate SPI displayed is a cosmetic effect only.


Especially in the context of failover where Standby becomes Active, sometimes the same SA appears more than once when shown by a tmsh command, but in different tmms.



Fix Information

Fixed an issue with duplicate SA reporting when using the tmsh show net ipsec ipsec-sa command.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips