Bug ID 2163589: Access?IPsec traffic may be incorrectly routed to LTM IPsec wildcard forwarding virtual server

Last Modified: Feb 24, 2026

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
21.0.0, 21.0.0.1

Opened: Dec 02, 2025

Severity: 2-Critical

Symptoms

When both LTM IPSEC and Access IPSEC solutions are configured on the same device, traffic intended for the Access IPSEC Virtual Server is incorrectly routed to the LTM IPSEC forwarding virtual server . As a result, Access IPSEC VPN traffic fails to be processed by the intended Access Virtual Server.

Impact

-- Access IPSEC functionality does not work as expected. -- Access virtual server never receives Access-IPSEC VPN traffic. -- Both IPSEC solutions cannot function simultaneously on the same VLAN. -- Deployments requiring coexistence of LTM IPSEC + Access IPSEC are blocked unless the workaround is applied.

Conditions

-- The configuration includes both LTM IPSEC and Access IPSEC on the same system. -- LTM IPSEC uses a wildcard IP-forwarding virtual server. -- Access IPSEC is configured, which internally relies on an HTTP Access virtual server + internal Access forwarding VS. -- VPN traffic is initiated for Access IPSEC. Under these conditions, Access IPSEC traffic is consistently routed to LTM’s wildcard forward virtual server instead of the Access virtual server.

Workaround

Use separate VLANs for LTM IPSEC and Access IPSEC. When LTM IPSEC and Access IPSEC are placed on different VLANs, traffic flows independently and correctly to their respective virtual servers without conflict. There is no full fix or configuration?based resolution without using separate VLANs.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips