Last Modified: Apr 21, 2022
Affected Product:
See more info
BIG-IP TMOS
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1
Fixed In:
16.1.2.2
Opened: May 18, 2021
Severity: 3-Major
In high availability (HA) setup, after failover, the newly active BIG-IP device, will send ikev2_message_id_sync messages to the other device. If the BIG-IP device did not receive a response, it has to retransmit the packet. Some of the IKE tunnels are trying to retransmitting the packet, but its not going out of BIG-IP due to wrong state of relation between IKE tunnel and connection flow. After 5 retries, it marks the peer as down, and the IKE tunnel is deleted.
Traffic loss.
-- High availability (HA) environment -- IKE tunnels configured -- A failover occurs
None
Fetch latest connection flow during retransmission of IKE/IPSEC packet.