Last Modified: Nov 22, 2021
Affected Product(s):
BIG-IP TMOS
Fixed In:
15.1.0
Opened: Sep 16, 2016
Severity: 4-Minor
BIG-IP provides no option to log the negotiated IKEv2 keys for debugging purposes.
Debugging protocol problems is impeded when encrypted packets cannot be examined for problems.
This is encountered if you are trying to troubleshoot or debug IKEv2.
No workaround is known at this time.
When the ike-daemon log level is set to debug and a log publisher is also attached, encryption and authentication keys are logged in the tmm log files as well as in ipsec.log. These mainly appear as IKE protocol packets displayed in human-readable form after decryption, and include all negotiated keys, unless you have explicitly requested suppression of keys in logs by changing the value of the sys db variable ipsec.debug.logkeys to prevent such display.