Bug ID 1178221: In IPsec IKEv2, packet memory corruption after retransmitted ISAKMP with NAT

Last Modified: Mar 30, 2024

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
15.1.0, 15.1.1, 15.1.2, 15.1.3, 15.1.4, 15.1.5, 15.1.6, 15.1.7, 15.1.8, 16.0.0, 16.0.1, 16.1.0, 16.1.1, 16.1.2, 16.1.3, 17.0.0

Fixed In:
17.1.0, 16.1.4, 15.1.9

Opened: Oct 17, 2022

Severity: 2-Critical


When a retransmit happens and the other side is not reachable, the BIG-IP logs "err packet length does not match field of ikev2 header" and then "ERR dropping unordered message".


Wrong information is logged, and the DPD response packet is corrupted.


A tunnel is established between the Initiator and the Responder. The Responder is able to send a DPD request, but is not able to receive the response.
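One way to check captured IKE datagrams against the condition named in the first log message, as an added example that is not F5 code and does not reproduce the BIG-IP's internal check. It assumes the IKEv2 header layout from RFC 7296 and the NAT-T non-ESP marker from RFC 3948; the function names are hypothetical and the sample packets are constructed.

```python
import struct

# Assumed layouts: IKE header per RFC 7296 section 3.1, non-ESP marker per RFC 3948.
IKE_HDR = struct.Struct("!8s8sBBBBII")   # SPIi, SPIr, next, version, exch, flags, msg id, length
NON_ESP_MARKER = b"\x00" * 4             # precedes IKE messages on UDP 4500 (NAT-T)
INFORMATIONAL = 37                       # exchange type that carries DPD / liveness checks
FLAG_RESPONSE = 0x20

def check_ike_length(udp_payload: bytes, port: int) -> dict:
    """Compare the IKEv2 header Length field with the bytes actually received."""
    data = udp_payload
    if port == 4500:
        if data[:4] != NON_ESP_MARKER:
            return {"ok": False, "reason": "not IKE (ESP-in-UDP or NAT keepalive)"}
        data = data[4:]
    if len(data) < IKE_HDR.size:
        return {"ok": False, "reason": "truncated header"}
    _, _, _, version, exch, flags, msg_id, declared = IKE_HDR.unpack_from(data)
    if version >> 4 != 2:
        return {"ok": False, "reason": "not IKEv2"}
    ok = declared == len(data)
    return {"ok": ok, "reason": "match" if ok else "length mismatch",
            "declared": declared, "actual": len(data), "message_id": msg_id,
            "dpd_candidate": exch == INFORMATIONAL,
            "response": bool(flags & FLAG_RESPONSE)}

def build_sample(msg_id: int, body: bytes, declared=None, natt=True) -> bytes:
    """Hypothetical helper: build a constructed packet (not captured traffic)."""
    length = IKE_HDR.size + len(body) if declared is None else declared
    hdr = IKE_HDR.pack(b"\x11" * 8, b"\x22" * 8, 46, 0x20, INFORMATIONAL,
                       FLAG_RESPONSE, msg_id, length)
    return (NON_ESP_MARKER if natt else b"") + hdr + body

if __name__ == "__main__":
    good = build_sample(5, b"\xaa" * 40)
    bad = build_sample(5, b"\xaa" * 40, declared=60)
    for name, pkt in (("good", good), ("bad", bad)):
        print(name, check_ike_length(pkt, 4500))
```

Running this over the UDP payloads of a capture taken on the wire shows whether the peer's INFORMATIONAL responses really carry a mismatched Length field or whether the log entry is not reflecting what was sent.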



Fix Information

The logs will display the correct message, and the packet will not be corrupted.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips