Bug ID 634117: Disabling IKE peers has no effect

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Dec 16, 2016
Severity: 2-Critical
Related AskF5 Article:
K33241169

Symptoms

Disabling an IKE peer using a checkbox in the GUI has no effect, and traffic continues.

Impact

IKE peer does not get disabled as expected, so new connections may be established. Traffic continues when the ike-peers have been disabled.

Conditions

This is encountered when disabling IKE peers in the GUI.

Workaround

Although it is not possible to disable the peer, you can still delete it.

Fix Information

You can now disable a peer without having to totally delete it. When a peer is disabled, no new connection will be allowed. Basically a disabled peer is treated as not existing, as if you had deleted it instead, but you can enable it without having to add it, as you would if it actually had been deleted.

Behavior Change