Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Fixed In:
12.0.0
Opened: Feb 03, 2015 Severity: 3-Major
The default-traffic-selector-interface is IPv6-IPv6 by default. This causes the IPsec ESP to drop the decrypted non-IPv6 packets inside the IPsec tunnel.
Unable to send IPv4 traffic over IPv6 IPsec tunnel interface. Service unreachable.
Configure IPsec tunnel interface such that the IPsec tunnel is IPv6, and the internal packet is IPv4.
N/A.
The fix would examine the internal packet of IPsec ESP tunnel by looking at the IPv4/6 header version field.