Bug ID 575339: After modifying IKEv2 peer state to disabled, remote SAs stay active.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3

Opened: Feb 22, 2016

Severity: 4-Minor

Symptoms

After modifying the IKEv2 peer state to disabled, remote security associations (SAs) stay active.

Impact

Remote SAs stay active.

Conditions

Changing IKEv2 peer state to disabled.

Workaround

Use the IPsec dead peer discovery (DPD) mechanism defined in RFC 3706 to detect peers that have been disconnected too abruptly (for example, by a system crash) or because of network issues (for example, manually disconnecting a laptop's Ethernet cable). You can find more information in 'A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers', available here: http://www.ietf.org/rfc/rfc3706.txt.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips