Bug ID 633879: Fix IKEv1 md5 phase1 hash algorithm so config takes effect

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 13.0.0

Fixed In:
13.1.0, 13.0.0 HF1, 12.1.2 HF1

Opened: Dec 15, 2016
Severity: 3-Major
Related AskF5 Article:


BIG-IP does not recognize the choice of md5 as hash algorithm in phase1 negotiation for IKEv1, but the GUI indicates it is available and configured.


You are unable to configure md5 as hash algorithm in IKEv1, despite the UI and command line indicating this as an option.


Using either the command line or web UI to change hash algorithm to md5 in IKEv1 phase1.


You may be able to select md5, then save and then restart, this would set up the daemon from a config file instead of via incremental config parsing. So while it would not work right after being changed in the UI, the md5 option may work after a restart.

Fix Information

The choice of md5 for hash algorithm now works correctly and immediately for an IKEv1 peer. The message causing this is now parsed correctly so md5 is recognized and used.

Behavior Change