Last Modified: Jan 19, 2023
See more info
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 220.127.116.11
Opened: Nov 10, 2021
Tunnel establishment fails when an IPv6 DNS IP address is provided in the IKE_AUTH payload. As per RFC it should be 16 octets, but BIG-IP sends 17 octets(that is, it tries to provide the subnet info also).
Tunnel will not establish.
Initiator requests an IPv6 DNS IP during tunnel negotiation.
The INTERNAL_IP6_DNS payload is now filled with only the IPv6 address (the subnet is excluded).