Bug ID 479182: Route domain deletion should not be allowed when ipsec is configured in that route domain

Last Modified: Mar 17, 2021

Affected Product:
BIG-IP LTM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3

Fixed In:
12.0.0

Opened: Sep 12, 2014
Severity: 3-Major

Symptoms

A non-default route domain can be deleted without any error, even if an ike-peer, ipsec-policy or traffic-selector references the route domain.

Impact

Traffic may stall if this occurs in the middle of a data transfer. Also note that updates to the IPsec IKEv2 configuration may not be allowed after the route domain is deleted.

Conditions

1. Create a route domain and associate the (WAN and LAN) VLAN interfaces with the route domain.
2. Create the self IPs for the WAN and LAN interfaces.
3. Configure the ipsec-policy, traffic-selector and ikev2-peer in the route domain.
4. Pass traffic and establish the tunnel.
5. Delete the self IP and the route domain.
6. Notice that the route domain can be deleted and MCP does not complain that an ike-peer, ipsec-policy or traffic-selector still references this route domain.

Workaround

None

Fix Information

MCP will throw an error if the user tries to delete a route domain that is referenced by any ike-peer or ipsec-policy or traffic selector.
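
The kind of referential check described above, sketched as an added Python example (not F5's MCP code and not a documented workaround): it scans tmsh-style configuration text for the three object types named in this report before a route domain is removed. It assumes route-domain membership appears as a `%<id>` suffix on addresses; the sample configuration, object names and function names are constructed for illustration.

```python
import re

IPSEC_TYPES = ("ike-peer", "ipsec-policy", "traffic-selector")  # types named in the bug
HEADER = re.compile(r"^net ipsec (\S+) (\S+) \{\s*$")  # "net ipsec <type> <name> {"
# "<property> <address>%<route-domain-id>[/prefix]"; the %ID suffix is an assumption
RD_ADDR = re.compile(r"^(\S+)\s+[0-9A-Fa-f:.]+%(\d+)(?:/\d+)?$")

# Constructed sample in tmsh-listing style (not taken from a real device).
SAMPLE = """\
net ipsec ike-peer peer_rd2 {
    remote-address 10.2.0.1%2
    version { v2 }
}
net ipsec ipsec-policy pol_rd2 {
    tunnel-local-address 10.2.0.254%2
    tunnel-remote-address 10.2.0.1%2
}
net ipsec traffic-selector ts_rd2 {
    destination-address 10.2.20.0%2/24
    ipsec-policy pol_rd2
    source-address 10.2.10.0%2/24
}
net ipsec ike-peer peer_rd3 {
    remote-address 10.3.0.1%3
}
"""


def ipsec_refs_to_route_domain(config_text, rd_id):
    """Return sorted (type, name, property) tuples whose address is in rd_id."""
    refs, current, depth = set(), None, 0
    for line in config_text.splitlines():
        if depth == 0:
            # Only enter objects of the three IPsec types; skip everything else.
            header = HEADER.match(line)
            if header and header.group(1) in IPSEC_TYPES:
                current, depth = (header.group(1), header.group(2)), 1
            continue
        prop = RD_ADDR.match(line.strip())
        if prop and int(prop.group(2)) == rd_id:
            refs.add(current + (prop.group(1),))
        depth += line.count("{") - line.count("}")  # "}" alone closes the object
    return sorted(refs)


def can_delete_route_domain(config_text, rd_id):
    """True only when no IPsec object still references the route domain."""
    return not ipsec_refs_to_route_domain(config_text, rd_id)
```
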

Behavior Change