Bug ID 452090: No two identical traffic selector is supported

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AAM, LTM(all modules)

Known Affected Versions:
11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Fixed In:
11.6.0

Opened: Mar 12, 2014
Severity: 3-Major
Related AskF5 Article:
K15808

Symptoms

Racoon process can crash/restart when duplicate traffic selectors are configured.

Impact

IPsec Tunnel negotiation may fail and traffic will not pass.

Conditions

Configuring two identical traffic selectors can cause this issue.

Workaround

Please remove the duplicate traffic selector.

Fix Information

MCPD validation checks are added now to make sure that user will not be able to configure two identical traffic selectors [same src/dst addr, same src/dst netmask , same src/dst port and same IP protocol].

Behavior Change