Bug ID 1106273: "duplicate priming" assert in IPSECALG

Last Modified: Sep 29, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 16.0.0,, 16.0.1,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,, 17.0.0,

Opened: May 12, 2022
Severity: 2-Critical


This is a specific issue with a complicated firewall/NAT/IPSEC scenario. In this case, when applying changes to a firewall policy in transparent mode, IPSECALG triggers a "duplicate priming" assert


TMM asserts with "duplicate priming" assert. Traffic disrupted while tmm restarts.


When an IPSec session is established from a device with a source IP which has a firewall policy (transparent mode). As soon as traffic is passed over the new IPSec tunnel, this clash in the rules results in a tmm core.



Fix Information


Behavior Change