Last Modified: Jul 12, 2023
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 188.8.131.52
Opened: Nov 10, 2021 Severity: 3-Major
Tunnel establishment fails when an IPv6 DNS IP address is provided in the IKE_AUTH payload. As per RFC it should be 16 octets, but BIG-IP sends 17 octets(that is, it tries to provide the subnet info also).
Tunnel will not establish.
Initiator requests an IPv6 DNS IP during tunnel negotiation.
The INTERNAL_IP6_DNS payload is now filled with only the IPv6 address (the subnet is excluded).