Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: Jan 03, 2017 Severity: 3-Major Related Article:
K75870356
1. Two peers, one with IKEv2 ike-peer configured and the other with IKEv1 ike-peer configured. 2. Reboot IKEv2 peer. 3. Attempt to initiate tunnel from IKEv2 peer side. Won't work (that's expected). 4. Correct the IKEv2 peer to use IKEv1. 5. Attempt to initiate tunnel from 'new' IKEv1 peer side. Won't work (no policy found is logged). Still cannot initiate tunnel after switching from IKEv2 to IKEv1.
IPsec does not work. You must reconfigure the two ike-peers from the start, or restart tmipsecd.
Changing IKE version from IKEv2 to IKEv1.
Configure the IKE peers to use IKEv1 at initial configuration, or restart tmipsecd after changing the configuration from IKEv2 to IKEv1.
IPsec now supports changing the configuration from IKEv1 to IKEv2 after initial configuration setup.