Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP TMOS
Opened: Nov 10, 2022
Severity: 4-Minor
When an IPsec security association (SA) goes up or down, the ltm log receives a message such as:

01010298:5: tmm IPsec: Tunnel up 172.16.1.1 - 172.16.2.2
01010297:5: tmm IPsec: Tunnel down 172.16.2.2 - 172.16.1.1

Normally a "down" message will appear a short time after the tunnel goes "up", because the "down" log is generated when the old (replaced) SA is deleted. The tunnel is still up, but the log message implies it is down.

Additionally, the log does not contain information about the traffic-selector associated with the quoted peer IPs. It is not possible to tell which traffic-selector went up or down.
The logs are of little use for troubleshooting or for understanding the current state of an IPsec tunnel.
- IPsec
- Default log levels
- Security Association (SA) changes state.
None.
None
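
For log triage, the following is an added example (not F5 code and not part of the original report) that labels each "Tunnel down" message as a probable SA replacement when an "up" for the same peer pair was logged shortly before it, and as a possible outage otherwise. The syslog prefix layout, the 30-second window, the `year` argument and the name `classify` are assumptions; because the messages carry no traffic-selector, the result is a per-peer-pair heuristic only.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines. The syslog prefix (timestamp, host, tmm[pid]) is an
# assumed layout; only the "0101029x:5: tmm IPsec: Tunnel ..." text is from the page.
SAMPLE = """\
Nov 10 09:00:00 bigip1 notice tmm[1111]: 01010298:5: tmm IPsec: Tunnel up 172.16.1.1 - 172.16.2.2
Nov 10 10:00:00 bigip1 notice tmm[1111]: 01010298:5: tmm IPsec: Tunnel up 172.16.1.1 - 172.16.2.2
Nov 10 10:00:04 bigip1 notice tmm[1111]: 01010297:5: tmm IPsec: Tunnel down 172.16.2.2 - 172.16.1.1
Nov 10 10:40:00 bigip1 notice tmm[1111]: 01010297:5: tmm IPsec: Tunnel down 172.16.2.2 - 172.16.1.1
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?0101029[78]:5: tmm IPsec: "
    r"Tunnel (?P<state>up|down) (?P<a>\S+) - (?P<b>\S+)\s*$")


def classify(log_text, window_s=30, year=2022):
    """Return (timestamp, peers, verdict) for every 'Tunnel down' line.

    window_s is an assumed bound on the "short time" between the new SA
    coming up and the replaced SA being deleted; tune it per deployment.
    Syslog timestamps carry no year, so the caller supplies one.
    """
    window = timedelta(seconds=window_s)
    last_up = {}   # unordered peer pair -> time of most recent "up"
    verdicts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        # The page's sample shows the peers in opposite order in the "up"
        # and "down" messages, so the pair is compared order-independently.
        peers = tuple(sorted((m["a"], m["b"])))
        if m["state"] == "up":
            last_up[peers] = ts
            continue
        up = last_up.get(peers)
        recent = up is not None and timedelta(0) <= ts - up <= window
        verdicts.append((ts, peers, "probable-rekey" if recent else "possible-outage"))
    return verdicts


if __name__ == "__main__":
    for ts, peers, verdict in classify(SAMPLE):
        print(ts.isoformat(), " <-> ".join(peers), verdict)
```
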