Bug ID 504354: IPv6 IPsec tunnel not responding to remote ESP packets that encapsulate IPv4 packet

Last Modified: Nov 22, 2021

Affected Product:
BIG-IP LTM (all modules)

Fixed In:
12.0.0

Opened: Feb 03, 2015
Severity: 3-Major

Symptoms

The default-traffic-selector-interface is IPv6-IPv6 by default. As a result, IPsec ESP processing drops decrypted non-IPv6 packets carried inside the IPsec tunnel.

Impact

Unable to send IPv4 traffic over an IPv6 IPsec tunnel interface. The service is unreachable.

Conditions

The IPsec tunnel interface is configured so that the IPsec tunnel is IPv6 and the inner packet is IPv4.

Workaround

N/A.

Fix Information

The fix examines the inner packet of the IPsec ESP tunnel by looking at the version field of the IPv4/IPv6 header.
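
The check described above, as an added example that is not F5 code: a C function that picks the inner address family from the version nibble of the decrypted payload instead of the outer tunnel's family. As an addition beyond the page, it also cross-checks the ESP Next Header (4 or 41 in tunnel mode) and the header's own length fields; `classify_inner`, the enum and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum inner_family { INNER_INVALID = 0, INNER_IPV4 = 4, INNER_IPV6 = 6 };

/* ESP trailer Next Header values in tunnel mode (IANA protocol numbers). */
#define NH_IPV4 4   /* IPv4 encapsulation */
#define NH_IPV6 41  /* IPv6 encapsulation */

/* Constructed samples: bare headers, no payload, checksum left at zero. */
static const uint8_t sample_v4[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    192, 0, 2, 1, 192, 0, 2, 2 };
static const uint8_t sample_v6[40] = { 0x60, 0, 0, 0, 0, 0, 59, 64 };

/* Classify a decrypted ESP tunnel-mode payload by the version nibble of its
 * first byte, regardless of the outer tunnel's address family. The result is
 * cross-checked against the ESP Next Header and the header's own lengths. */
enum inner_family classify_inner(const uint8_t *pkt, size_t len, uint8_t next_header)
{
    if (pkt == NULL || len < 1)
        return INNER_INVALID;
    switch (pkt[0] >> 4) {
    case 4: {
        size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* header bytes */
        if (next_header != NH_IPV4 || ihl < 20 || len < ihl)
            return INNER_INVALID;
        size_t total = ((size_t)pkt[2] << 8) | pkt[3];   /* Total Length */
        return (total >= ihl && total <= len) ? INNER_IPV4 : INNER_INVALID;
    }
    case 6: {
        if (next_header != NH_IPV6 || len < 40)
            return INNER_INVALID;
        size_t payload = ((size_t)pkt[4] << 8) | pkt[5]; /* Payload Length */
        return (40 + payload <= len) ? INNER_IPV6 : INNER_INVALID;
    }
    default:
        return INNER_INVALID;
    }
}

int main(void)
{
    printf("v4 sample -> %d\n", classify_inner(sample_v4, sizeof sample_v4, NH_IPV4));
    printf("v6 sample -> %d\n", classify_inner(sample_v6, sizeof sample_v6, NH_IPV6));
    return 0;
}
```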

Behavior Change