Bug ID 630430: IPsec ALG: Traffic may not go through IPsec tunnel if ipsec.lookupspi is disabled and default DAG is used

Last Modified: Jan 29, 2019

Affected Product:
BIG-IP AFM, CGN, Install/Upgrade, LTM (all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4

Opened: Nov 28, 2016
Severity: 3-Major
Related AskF5 Article:
K93873214

Symptoms

The connection table and IPsec ALG profile stats may indicate that the IPsec tunnel has been established, but traffic may not be passing through it.

Impact

Connections going through the IPsec tunnel may fail.

Conditions

This may occur on appliances when the IPsec ALG is used with default DAG and the sys db variable ipsec.lookupspi is disabled.

Workaround

Ensure the db variable ipsec.lookupspi is enabled.

Fix Information

None

Behavior Change