Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0
Opened: Sep 12, 2014 Severity: 3-Major
Non default route domain can be deleted without any error, even if there an ike-peer or ipsec-policy or traffic-selector referencing the route domain.
Traffic may stall if this is occurs in the middle of data transfer. Also note that any updates to the IPsec IKEv2 configuration may not be allowed after the deletion of the route domain
1. Create a route domain and associate (wan and lan) vlan interfaces to the route domain. 2. Create the self ip's for the wan and lan interfaces. 3. Configure the ipsec-policy, traffic-selector and ikev2-peer in the route domain. 4. Pass traffic and establish the tunnel. 5. Delete the self ip and the route domain. 6. Notice that route domain can be deleted and MCP does not complains that ike-peer or ipsec-policy or traffic-selector still references this route domain.
None
MCP will throw an error if the user tries to delete a route domain that is referenced by any ike-peer or ipsec-policy or traffic selector.