Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 13.0.0
Fixed In:
13.1.0, 13.0.0 HF1, 12.1.2 HF1
Opened: Dec 15, 2016 Severity: 3-Major Related Article:
K52833014
BIG-IP does not recognize the choice of md5 as hash algorithm in phase1 negotiation for IKEv1, but the GUI indicates it is available and configured.
You are unable to configure md5 as hash algorithm in IKEv1, despite the UI and command line indicating this as an option.
Using either the command line or web UI to change hash algorithm to md5 in IKEv1 phase1.
You may be able to select md5, then save and then restart, this would set up the daemon from a config file instead of via incremental config parsing. So while it would not work right after being changed in the UI, the md5 option may work after a restart.
The choice of md5 for hash algorithm now works correctly and immediately for an IKEv1 peer. The message causing this is now parsed correctly so md5 is recognized and used.