Bug ID 630430: IPsec ALG: Traffic may not go through IPsec tunnel if ipsec.lookupspi is disabled and default DAG is used

Last Modified: Jun 10, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP AFM, CGN, Install/Upgrade, LTM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,

Opened: Nov 28, 2016
Severity: 3-Major
Related AskF5 Article:


The connection table and IPsec ALG profile stats may indicate that the IPsec tunnel has been established, but traffic may not be passing through it.


Connections going through the IPsec tunnel may fail.


This may occur on appliances when the IPsec ALG is used with default DAG and the sys db variable ipsec.lookupspi is disabled.


Ensure the db variable ipsec.lookupspi is enabled.

Fix Information


Behavior Change