Bug ID 562928: Curl connections with 'local-port' option fail sometimes over IPsec tunnels when connection.vlankeyed db variable is disabled

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
11.6.0

Fixed In:
13.0.0, 12.1.2 HF1, 11.6.1

Opened: Dec 14, 2015

Severity: 3-Major

Related Article: K32111020

Symptoms

Certain curl connections with the 'local-port' option sometimes fail over IPsec tunnels with the error 'curl: (7) couldn't connect to host' when the connection.vlankeyed db variable is disabled.

Impact

TCP connections do not complete the three-way handshake and traffic does not pass.

Conditions

Using the curl command with the '--local-port' option causes the connections to fail on the BIG-IP system.

Workaround

Disabling the 'cmp' option in the virtual server secures the traffic over IPsec tunnels.

Fix Information

Using the curl command with the '--local-port' option no longer causes the connections to fail on the BIG-IP system.

Behavior Change
