Bug ID 446352: NAT-T and IPsec is not working when tunnel endpoint has floating IP address

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP None(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4

Fixed In:
11.6.0, 11.5.1 HF5, 11.4.1 HF9

Opened: Jan 27, 2014

Severity: 3-Major

Symptoms

IKE negotiation fails with NAT-T and floating tunnel end point address.

Impact

Tunnel never comes up.

Conditions

NAT_T configured on BIG-IP and the IPsec tunnel endpoint address is floating

Workaround

Nothing

Fix Information

IKE negotiation is now successful and the IPsec tunnel comes up properly and passes traffic with NAT-T and floating tunnel end point address.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips