Last Modified: Apr 28, 2025
Affected Product(s): BIG-IP CGN
Known Affected Versions: 11.5.0
Fixed In: 11.6.0, 11.5.1, 11.5.0 HF1
Opened: Feb 27, 2014
Severity: 2-Critical
Related Article: K15452
If a fastL4 virtual server overlaps with a PPTP virtual server, it is possible that TMM will match the wrong flow during PPTP initiation and crash.
TMM crash
If there is a PPTP virtual server that looks like:

    ltm virtual /Common/pptp_test2 {
        destination /Common/0.0.0.0:1723
        ip-protocol tcp
        mask any
        profiles {
            /Common/pptp_profile_test { }
            /Common/tcp-lan-optimized { }
        }
        source 10.135.67.0/24
        source-address-translation {
            pool /Common/pptp_lsn_pool
            type lsn
        }
        translate-address disabled
        translate-port enabled
    }

AND there is a fastL4 virtual server that looks like:

    ltm virtual /Common/bigproto {
        destination /Common/0.0.0.0:0
        ip-forward
        mask any
        profiles {
            /Common/fastL4 { }
        }
        source 0.0.0.0/0
        translate-address disabled
        translate-port disabled
    }

then it is possible for this crash to happen.
Either remove the any:any fastL4 virtual server, or create a reject virtual server that will exclude PPTP GRE traffic from the any:any fastL4 VIP. Given the virtual server noted above, the reject virtual server should look like:

    ltm virtual /Common/gre.trap {
        destination any:34827
        ip-protocol gre
        mask any
        profiles {
            fastL4 {}
        }
        reject
    }

Port 34827 (0x880B) is the value TMM uses to indicate that this is a PPP (PPTP GRE) flow. This will reject any stray packet that is sent after/before a PPTP connection is fully established.
If an unexpected connflow is matched, that connflow is abandoned with an error message similar to: Clientside flow (10.10.10.211:34827 -> 10.10.20.7:34827) found, but is not of PPTP GRE proxy type. Creating new flow. Then a new, correct connflow is created and used.
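The conditions and workaround above can be checked against a saved configuration. The following is an added example, not F5 code and not part of the original article: it parses ltm virtual stanzas and reports PPTP virtual servers that overlap an any:any fastL4 virtual server when no GRE reject virtual server on port 34827 exists. Assumptions: PPTP virtual servers are identified by TCP destination port 1723, fastL4 profiles by the string "fastL4" in the stanza, addresses are IPv4 without route domains, and all function names are hypothetical.

```python
import ipaddress
import re

GRE_PPP_PORT = "34827"  # 0x880B, the value the page says TMM uses for PPTP GRE flows
# Constructed sample input: the three stanzas quoted on this page, one per string.
PPTP = ("ltm virtual /Common/pptp_test2 { destination /Common/0.0.0.0:1723 ip-protocol tcp "
        "mask any profiles { /Common/pptp_profile_test { } /Common/tcp-lan-optimized { } } "
        "source 10.135.67.0/24 source-address-translation { pool /Common/pptp_lsn_pool "
        "type lsn } translate-address disabled translate-port enabled }\n")
FASTL4 = ("ltm virtual /Common/bigproto { destination /Common/0.0.0.0:0 ip-forward mask any "
          "profiles { /Common/fastL4 { } } source 0.0.0.0/0 translate-address disabled "
          "translate-port disabled }\n")
TRAP = ("ltm virtual /Common/gre.trap { destination any:34827 ip-protocol gre mask any "
        "profiles { fastL4 {} } reject }\n")

def _get(body, key, default=""):
    m = re.search(rf"(?:^|\s){re.escape(key)} (\S+)", body)
    return m.group(1) if m else default

def virtuals(conf):
    """Map each 'ltm virtual NAME { ... }' stanza to its attributes (braces are matched)."""
    out = {}
    for m in re.finditer(r"ltm virtual (\S+) \{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        addr, _, port = _get(body, "destination").rsplit("/", 1)[-1].rpartition(":")
        out[m.group(1)] = {
            "addr": addr, "port": port, "proto": _get(body, "ip-protocol"),
            "src": ipaddress.ip_network(_get(body, "source", "0.0.0.0/0"), strict=False),
            "fastl4": "fastL4" in body,  # assumption: profile name contains "fastL4"
            "reject": bool(re.search(r"(?:^|\s)reject(?:\s|$)", body)),
        }
    return out

def exposed_pptp_virtuals(conf):
    """Names of PPTP virtuals that overlap a wildcard fastL4 virtual with no GRE reject trap."""
    vs = virtuals(conf)
    if any(v["proto"] == "gre" and v["port"] == GRE_PPP_PORT and v["reject"] for v in vs.values()):
        return []  # the reject virtual server from the workaround is present
    wild = [v for v in vs.values() if v["addr"] in ("0.0.0.0", "any")
            and v["port"] in ("0", "any") and v["fastl4"] and not v["reject"]]
    return sorted(n for n, v in vs.items() if v["proto"] == "tcp" and v["port"] == "1723"
                  and any(v["src"].overlaps(w["src"]) for w in wild))

if __name__ == "__main__":
    print(exposed_pptp_virtuals(PPTP + FASTL4))         # affected layout
    print(exposed_pptp_virtuals(PPTP + FASTL4 + TRAP))  # workaround applied
```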