Last Modified: Oct 16, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.0 HF5, 11.5.2, 11.4.1 HF9
Opened: Jun 20, 2014
Severity: 1-Blocking
Related Article:
K16188
Occasionally, traffic going through an IPsec tunnel from BIG-IP systems to Cisco systems stops after a certain period of time and recovers after an hour.
The IPsec tunnel stops passing traffic until the problematic IPsec SA expires and a new set of IPsec SAs is negotiated.
This issue occurs when more than one pair of IPsec SAs is negotiated, which triggers redundant SA removal on the Cisco router.
Delete the problematic IPsec SAs.
The system now works correctly, without stopping traffic going through an IPsec tunnel from BIG-IP systems to Cisco systems.