Bug ID 1010245: Duplicate ipsec-sa SPI values shown by tmsh command

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4

Fixed In:
16.1.0, 15.1.4.1

Opened: Apr 08, 2021

Severity: 3-Major

Symptoms

A tmsh command which shows ipsec-sa instances can display the 32-bit SPI more than once for the same security association (SA) but in different tmm instances.

Impact

The duplicate SPI displayed is a cosmetic effect only.

Conditions

Especially in the context of failover where Standby becomes Active, sometimes the same SA appears more than once when shown by a tmsh command, but in different tmms.

Workaround

None

Fix Information

Fixed an issue with duplicate SA reporting when using the tmsh show net ipsec ipsec-sa command.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips