Bug ID 630022: IPsec in HA: config sync from Standby to Active resets tunnels

Last Modified: Jan 29, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4

Opened: Nov 22, 2016
Severity: 3-Major

Symptoms

IPsec in HA: config sync from the Standby BIG-IP system to the Active one resets tunnels.

Impact

IPsec tunnels are reset on the Active system.

Conditions

IPsec in high availability (HA) configurations. Performing config sync from Standby to Active.

Workaround

Use "Auto Sync" on the Device Group and never use "Overwrite Configuration" when manually syncing. Note: Although preparing a configuration on Standby and syncing to Active is not prohibited, it is not recommended. The expected operation is to make all configuration changes on the Active BIG-IP system, and perform config sync to the Standby one.

Fix Information

None

Behavior Change