Bug ID 562928: Curl connections with 'local-port' option fail sometimes over IPsec tunnels when connection.vlankeyed db variable is disabled

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2

Fixed In:
13.0.0, 12.1.2 HF1, 11.6.1

Opened: Dec 14, 2015
Severity: 3-Major
Related AskF5 Article:
K32111020

Symptoms

Certain url connections with 'local-port' option fail sometimes over IPsec tunnels when connection.vlankeyed db variable is disabled with 'curl: (7) couldn't connect to host' error.

Impact

TCP connections do not complete the three way handshake and traffic does not pass.

Conditions

Using curl command with'--local-port' option causes the connections to fail on the BIG-IP system.

Workaround

Disabling 'cmp' option in virtual server secures the traffic over IPsec tunnels.

Fix Information

Using curl command with'--local-port' option no longer causes the connections to fail on the BIG-IP system.

Behavior Change