Last Modified: Apr 09, 2026
Affected Product(s):
BIG-IP APM
Known Affected Versions:
21.0.0, 21.0.0.1
Opened: Dec 02, 2025 Severity: 3-Major
When both LTM IPSEC and Access VPN solutions are configured on the same device, traffic intended for the Access Virtual Server is incorrectly routed to the LTM IPSEC forwarding virtual server . As a result, Access VPN traffic fails to be processed by the intended Access Virtual Server.
-- Access VPN functionality does not work as expected. -- Internal Access virtual server never receives Access VPN traffic. -- Both Tunnel solutions cannot function simultaneously on the same VLAN. -- Deployments requiring coexistence of LTM IPSEC + Access VPN are blocked unless the workaround is applied.
-- The configuration includes both LTM IPSEC and Access VPN on the same system. -- LTM IPSEC uses a wildcard IP-forwarding virtual server. -- Access VPN is configured, which internally relies on an HTTP Access virtual server + internal Access forwarding VS. -- VPN traffic is initiated for Access VPN. Under these conditions, Access VPN traffic is consistently routed to LTM’s wildcard forward virtual server instead of the Access virtual server.
Use separate VLANs for LTM IPSEC and Access VPN. When LTM IPSEC and Access VPN are placed on different VLANs, traffic flows independently and correctly to their respective virtual servers without conflict. There is no full fix or configuration?based resolution without using separate VLANs.
None