Bug ID 468175: IPsec interop with Cisco systems intermittent outages

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4

Fixed In:
12.0.0, 12.0.0, 11.6.0 HF5, 11.5.2, 11.4.1 HF9

Opened: Jun 20, 2014
Severity: 1-Blocking
Related AskF5 Article:
K16188

Symptoms

Occasionally, traffic going through an IPsec tunnel from BIG-IP systems to Cisco systems stops after a certain period of time and recovers after an hour.

Impact

IPsec tunnel stops passing traffic until the trouble IPsec SA expires and the new set of IPsec SAs are negotiated.

Conditions

This issue occurs when there is more than one pair of IPsec SAs negotiated and triggers redundant SA removal on the Cisco router.

Workaround

Delete the trouble IPsec SAs

Fix Information

The system now works correctly, without stopping traffic going through an IPsec tunnel from BIG-IP systems to Cisco systems.

Behavior Change