Bug ID 1178221: In IPsec IKEv2, packet memory corruption after retransmitted ISAKMP with NAT

Last Modified: Mar 26, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,, 16.0.0,, 16.0.1,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,, 17.0.0,,

Fixed In:

Opened: Oct 17, 2022
Severity: 2-Critical


When the retransmit happens, and other side is not reachable, the BIG-IP logs the "err packet length does not match field of ikev2 header" and then "ERR dropping unordered message".


Wrong information logged. DPD response packet corruption.


Tunnel is established between Initiatior and Responder. Responder is able to send DPD request. but not able to receive response.



Fix Information

Logs will display correct message. Packet will not corrupt.

Behavior Change