Bug ID 613476: IKEv1 racoon daemon delayed timer use of ike-peer (rmconf) after deletion

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
11.6.1, 11.6.2, 11.6.3,,,,, 11.6.4, 11.6.5,,,, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3,,,,,,

Fixed In:

Opened: Aug 30, 2016

Severity: 2-Critical


The IKEv1 racoon daemon can crash and restart when a v1 ike-peer is removed entirely from the config, or simply changed from v1 to v2.


IKEv1 racoon daemon restart that causes tunnel outage until re-established by future traffic.


When you remove an ike-peer whose version is v1, including any change from version v1 to v2 (since this has the effect of changing who handles that peer from the racoon daemon to tmm).



Fix Information

Validity of a v1 ike-peer inside the racoon daemon is more carefully checked. This release also prevents stale references from old security associations when a peer is removed. Note: A peer can be removed by complete erasure, or by changing the version to v2 so the IKEv1 racoon daemon no longer handles it.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips