Bug ID 633879: Fix IKEv1 md5 phase1 hash algorithm so config takes effect

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 13.0.0

Fixed In:
13.1.0, 13.0.0 HF1, 12.1.2 HF1

Opened: Dec 15, 2016

Severity: 3-Major

Related Article: K52833014

Symptoms

BIG-IP does not recognize the choice of md5 as hash algorithm in phase1 negotiation for IKEv1, but the GUI indicates it is available and configured.

Impact

You are unable to configure md5 as hash algorithm in IKEv1, despite the UI and command line indicating this as an option.

Conditions

Using either the command line or web UI to change hash algorithm to md5 in IKEv1 phase1.

Workaround

You may be able to select md5, then save and then restart, this would set up the daemon from a config file instead of via incremental config parsing. So while it would not work right after being changed in the UI, the md5 option may work after a restart.

Fix Information

The choice of md5 for hash algorithm now works correctly and immediately for an IKEv1 peer. The message causing this is now parsed correctly so md5 is recognized and used.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips