Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Opened: Feb 22, 2016 Severity: 4-Minor
After modifying IKEv2 peer state to disabled, remote security association (SA's) stay active.
Remote SA's stay active.
Changing IKEv2 peer state to disabled.
Use IPsec dead peer discovery (DPD) mechanism defined in RFC 3706 for detecting peers that have been disconnected too abruptly (a system crash) or due to network issues (manual disconnecting a laptop's Ethernet cable). You can find more information in 'A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers' available here: http://www.ietf.org/rfc/rfc3706.txt.
None