Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10
Opened: Oct 09, 2015
Severity: 4-Minor
Multiple IPsec tunnels with different tunnel local addresses to the same IKE peer/remote are not supported in IKE version 1.
IPsec tunnels might not be established and, even if they are, might not pass traffic correctly. This is working as designed. Using this configuration makes it difficult for LTM to choose the correct tunnel, and preventing the configuration carries an unacceptable performance impact.
Using IKE version 1 and configuring multiple IPsec tunnels with different tunnel local addresses to the same IKE peer/remote.
Either configure a single tunnel to the remote peer, or create multiple ipsec-policy statements, each with a unique tunnel-local-address paired with a distinct tunnel-remote-address on the remote peer.
None