Bug ID 1690441: IPsec traffic-selector selection algorithm in interface mode

Last Modified: Oct 15, 2025

Affected Product(s):
BIG-IP Install/Upgrade, TMOS (all modules)

Known Affected Versions:
17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3

Opened: Oct 04, 2024

Severity: 3-Major

Related Article: K96223265

Symptoms

After an upgrade, IPsec traffic goes down, IKE peers start failing health checks, and there are issues with traffic selectors.

Impact

BIG-IP returns the wrong SA and traffic gets dropped.

Conditions

-- Peer sends multiple traffic selectors
-- The first traffic selector is ICMP using ports 0-65535

This also occurs when an IPsec policy is configured in Interface Mode.

Workaround

None

Fix Information

None

Behavior Change
