Bug ID 1144477: IKE_SA_INIT uses src port 500 and dst port 4500 after IKE SA deleted

Last Modified: Nov 07, 2022

Affected Product:
BIG-IP AFM (all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 17.0.0, 17.0.0.1

Opened: Aug 30, 2022
Severity: 2-Critical

Symptoms

The IKE_SA_INIT exchange for the new IPsec tunnel uses source port 500 and destination port 4500; the destination port should be 500.

Impact

Interoperability issue: the tunnel will not be established with other devices.

Conditions

This issue is observed after deleting the IKE SA from tmsh.

Workaround

None

Fix Information

None

Behavior Change