Bug ID 679347: ECP does not work for PFS in IKEv2 child SAs

Last Modified: Oct 06, 2020

Affected Product:
BIG-IP TMOS (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.1

Fixed In:

Opened: Aug 19, 2017
Severity: 3-Major
Related AskF5 Article:


Symptoms

The original racoon2 code has no support for Diffie-Hellman key generation or shared-secret computation using elliptic curve (ECP) groups for PFS (perfect forward secrecy). Additionally, the original interfaces are synchronous, but the only ECP support present uses an API organized around asynchronous calls and callbacks, so simply adding ECP does not work.


Impact

Once the first child SA expires (or is deleted), the IKEv2 tunnel goes down because a replacement child SA cannot be negotiated.


Conditions

An ike-peer definition whose phase1-perfect-forward-secrecy value has been changed from the default, modp1024, to an ECP group: ecp256, ecp384, or ecp512. Note: The first child SA is still negotiated successfully.


Workaround

Use a MODP group for phase1-perfect-forward-secrecy instead of an ECP group.
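The following audit helper is an added example, not part of the F5 record: it scans constructed `tmsh list net ipsec ike-peer` output (the `net ipsec ike-peer` object path and the output layout are assumptions) for peers whose phase1-perfect-forward-secrecy group is an ECP group and, on a version listed as affected above, emits the `tmsh modify` commands (assumed syntax) that apply the MODP workaround.

```python
import re

# Versions listed as affected in Bug ID 679347 (copied from the record above).
AFFECTED_VERSIONS = frozenset({
    "12.1.0", "12.1.0 HF1", "12.1.0 HF2", "12.1.1", "12.1.1 HF1", "12.1.1 HF2",
    "12.1.2", "12.1.2 HF1", "12.1.2 HF2", "12.1.3",
    "13.0.0", "13.0.0 HF1", "13.0.0 HF2", "13.0.0 HF3", "13.0.1",
    "13.1.0", "13.1.1",
})

# Constructed sample of `tmsh list net ipsec ike-peer` output; the exact
# layout is an assumption (peer names and addresses are made up).
SAMPLE_TMSH_OUTPUT = """\
net ipsec ike-peer peer-branch-a {
    phase1-perfect-forward-secrecy ecp256
    remote-address 198.51.100.10
}
net ipsec ike-peer peer-branch-b {
    phase1-perfect-forward-secrecy modp1024
    remote-address 198.51.100.20
}
net ipsec ike-peer peer-branch-c {
    phase1-perfect-forward-secrecy ecp384
    remote-address 198.51.100.30
}
"""

PEER_RE = re.compile(r"net ipsec ike-peer (\S+) \{(.*?)\n\}", re.S)
PFS_RE = re.compile(r"phase1-perfect-forward-secrecy\s+(\S+)")


def ecp_pfs_peers(tmsh_output):
    """Return [(peer_name, pfs_group)] for every peer using an ECP PFS group."""
    hits = []
    for name, body in PEER_RE.findall(tmsh_output):
        match = PFS_RE.search(body)
        # The record names modp1024 as the default when the property is unset.
        group = match.group(1) if match else "modp1024"
        if group.startswith("ecp"):
            hits.append((name, group))
    return hits


def audit(version, tmsh_output):
    """On an affected version, return tmsh commands (assumed syntax) that
    switch each ECP-PFS peer back to modp1024, the record's workaround."""
    if version not in AFFECTED_VERSIONS:
        return []
    return [f"tmsh modify net ipsec ike-peer {name} phase1-perfect-forward-secrecy modp1024"
            for name, _ in ecp_pfs_peers(tmsh_output)]
```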

Fix Information

Full support for ECP as the PFS group has now been added, so a new child SA negotiated in an IKEV2EXCH_CREATE_CHILD_SA exchange works as expected for ecp256, ecp384, and ecp512.

Behavior Change