Bug ID 630430: IPsec ALG: Traffic may not go through IPsec tunnel if ipsec.lookupspi is disabled and default DAG is used

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP AFM, CGN, Install/Upgrade, LTM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1

Opened: Nov 28, 2016

Severity: 3-Major

Related Article: K93873214

Symptoms

The connection table and IPsec ALG profile stats may indicate that the IPsec tunnel has been established, but traffic may not be passing through it.

Impact

Connections going through the IPsec tunnel may fail.

Conditions

This may occur on appliances when the IPsec ALG is used with default DAG and the sys db variable ipsec.lookupspi is disabled.

Workaround

Ensure the db variable ipsec.lookupspi is enabled.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips