Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Jan 29, 2016
Severity: 3-Major
Related Article:
K51200424
The IPsec configuration utility (web UI) allows an invalid option, "NONE", to be configured for Perfect Forward Secrecy when the Internet Explorer browser is in use.
The racoon daemon will fail to start and all tunnels may fail to work. The racoon.log file may contain messages like:
2016-09-14 16:32:16: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2016-09-14 16:32:16: ERROR: /etc/racoon/racoon.conf.bigip:59: "}" DH group required.
2016-09-14 16:32:16: ERROR: fatal parse failure (1 errors)
2016-09-14 16:32:16: ERROR: failed to parse configuration file.
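A log check for the failure described above, as an added example that is not F5's own code: it scans racoon.log text for configuration loads that end in a failed parse and reports the file, line and message racoon named. The sample input is the four log lines quoted on this page plus one constructed line; the function name `find_failed_loads` is hypothetical.

```python
import re

# Sample input: the four racoon.log lines quoted on this page, followed by one
# constructed INFO line (a later load attempt) to show that loads are separated.
SAMPLE_LOG = '''\
2016-09-14 16:32:16: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2016-09-14 16:32:16: ERROR: /etc/racoon/racoon.conf.bigip:59: "}" DH group required.
2016-09-14 16:32:16: ERROR: fatal parse failure (1 errors)
2016-09-14 16:32:16: ERROR: failed to parse configuration file.
2016-09-14 16:40:02: INFO: Reading configuration from "/etc/racoon/racoon.conf"
'''

# "<timestamp>: <LEVEL>: <message>" as seen in the quoted log lines.
LINE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (\w+): (.*)$')
# Parser errors carry "<file>:<line>: <message>".
PARSE_ERR = re.compile(r'^(\S+):(\d+): (.*)$')


def find_failed_loads(text):
    """Return one dict per configuration load that ended in a parse failure."""
    failures, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        ts, level, msg = m.groups()
        if level == "INFO" and msg.startswith("Reading configuration from"):
            current = {"started": ts, "errors": []}  # a new load attempt begins
        elif level == "ERROR" and current is not None:
            pe = PARSE_ERR.match(msg)
            if pe:
                current["errors"].append({
                    "file": pe.group(1),
                    "line": int(pe.group(2)),
                    "message": pe.group(3),
                    # The symptom of this bug: PFS set without a DH group.
                    "missing_dh_group": "DH group required" in pe.group(3),
                })
            elif msg.startswith("failed to parse configuration file"):
                failures.append(current)  # the load attempt was abandoned
                current = None
    return failures


if __name__ == "__main__":
    for load in find_failed_loads(SAMPLE_LOG):
        for err in load["errors"]:
            print(load["started"], err["file"], err["line"], err["message"])
```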
An IPsec IKE-v2 Peer is created from the GUI with the 'None' option for Perfect Forward Secrecy.
The 'None' option for Perfect Forward Secrecy on the IPsec IKE Peer creation page is invalid and should not be selected.
Configuration utility (web UI): Removed the 'None' option for Perfect Forward Secrecy from the IPsec IKE Peer creation page.