Bug ID 1010245: Duplicate ipsec-sa SPI values shown by tmsh command

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Fixed In:
16.1.0, 15.1.4.1

Opened: Apr 08, 2021

Severity: 3-Major

Symptoms

A tmsh command which shows ipsec-sa instances can display the 32-bit SPI more than once for the same security association (SA) but in different tmm instances.

Impact

The duplicate SPI displayed is a cosmetic effect only.

Conditions

Especially in the context of failover where Standby becomes Active, sometimes the same SA appears more than once when shown by a tmsh command, but in different tmms.

Workaround

None

Fix Information

Fixed an issue with duplicate SA reporting when using the tmsh show net ipsec ipsec-sa command.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips