Bug ID 1144477: IKE_SA_INIT uses src port 500 and dst port 4500 after IKE SA deleted

Last Modified: Mar 30, 2024

Affected Product(s):
BIG-IP AFM (all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.3, 17.0.0

Fixed In:
17.1.0, 16.1.4

Opened: Aug 30, 2022

Severity: 2-Critical


When the new IPsec tunnel is negotiated, the IKE_SA_INIT exchange uses source port 500 and destination port 4500; the destination port should be 500.


Interoperability issue: the tunnel will not be established with other devices.


This issue is observed after deleting the IKE SA from tmsh.
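
To confirm the symptom in a packet capture, the check below parses the IKEv2 fixed header of each UDP payload and flags IKE_SA_INIT requests sent from port 500 to port 4500. It is an added example, not F5 code; the function names and the sample datagrams are constructed for illustration.

```python
import struct

# IKEv2 fixed header, RFC 7296 section 3.1 (28 bytes).
IKE_HDR = struct.Struct("!8s8sBBBBII")
IKE_SA_INIT = 34              # exchange type
FLAG_RESPONSE = 0x20          # set on responses, clear on requests
NON_ESP_MARKER = b"\x00" * 4  # four zero bytes that precede IKE on UDP 4500

def parse_ike(payload):
    """Return (exchange_type, flags) for an IKEv2 message, else None."""
    if payload.startswith(NON_ESP_MARKER):
        payload = payload[4:]
    if len(payload) < IKE_HDR.size:
        return None
    _, _, _, version, exch, flags, _, length = IKE_HDR.unpack_from(payload)
    if version >> 4 != 2 or length < IKE_HDR.size:
        return None
    return exch, flags

def classify(sport, dport, payload):
    """Label one UDP datagram; 'mismatch' is the symptom described above."""
    ike = parse_ike(payload)
    if ike is None:
        return "not-ike"
    exch, flags = ike
    if exch != IKE_SA_INIT or flags & FLAG_RESPONSE:
        return "other-ike"
    if (sport, dport) == (500, 4500):
        return "mismatch"
    return "expected" if dport == 500 else "other-ike"

def make_init(marker=False):
    """Constructed header-only IKE_SA_INIT request, used as sample input."""
    hdr = IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 0, 0x20, IKE_SA_INIT, 0x08, 0, 28)
    return (NON_ESP_MARKER if marker else b"") + hdr

# Constructed sample traffic: (source port, destination port, UDP payload).
SAMPLES = [
    (500, 500, make_init()),              # normal first negotiation
    (500, 4500, make_init()),             # the port pair reported in this bug
    (500, 4500, make_init(marker=True)),  # same pair, with the non-ESP marker
    (4500, 4500, b"\x00\x00\x10\x01" + b"\xaa" * 40),  # ESP-in-UDP, not IKE
]

def scan(samples=SAMPLES):
    return [classify(s, d, p) for s, d, p in samples]

if __name__ == "__main__":
    for (s, d, _), label in zip(SAMPLES, scan()):
        print(f"{s} -> {d}: {label}")
```
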



Fix Information

The default configuration was overwritten after tunnel establishment. The fix adds valid conditions that must be met before the configuration is overwritten.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips