Last Modified: Feb 24, 2026
Affected Product(s):
BIG-IP APM
Known Affected Versions:
21.0.0, 21.0.0.1
Opened: Dec 02, 2025 Severity: 2-Critical
When both LTM IPSEC and Access IPSEC solutions are configured on the same device, traffic intended for the Access IPSEC Virtual Server is incorrectly routed to the LTM IPSEC forwarding virtual server . As a result, Access IPSEC VPN traffic fails to be processed by the intended Access Virtual Server.
-- Access IPSEC functionality does not work as expected. -- Access virtual server never receives Access-IPSEC VPN traffic. -- Both IPSEC solutions cannot function simultaneously on the same VLAN. -- Deployments requiring coexistence of LTM IPSEC + Access IPSEC are blocked unless the workaround is applied.
-- The configuration includes both LTM IPSEC and Access IPSEC on the same system. -- LTM IPSEC uses a wildcard IP-forwarding virtual server. -- Access IPSEC is configured, which internally relies on an HTTP Access virtual server + internal Access forwarding VS. -- VPN traffic is initiated for Access IPSEC. Under these conditions, Access IPSEC traffic is consistently routed to LTM’s wildcard forward virtual server instead of the Access virtual server.
Use separate VLANs for LTM IPSEC and Access IPSEC. When LTM IPSEC and Access IPSEC are placed on different VLANs, traffic flows independently and correctly to their respective virtual servers without conflict. There is no full fix or configuration?based resolution without using separate VLANs.
None