Bug ID 751450: Ability to select both IKEv1 and IKEv2 in ike-peer config deprecated

Last Modified: Apr 01, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,, 15.0.0, 15.0.1,,,,

Fixed In:

Opened: Nov 29, 2018
Severity: 4-Minor


Multiple values (v1/v2) for the IKE version attribute can lead to inconsistent handling of IPsec tunnel negotiation and can lead to unexpected errors, depending on which peer is the Initiator. Additionally, setting both values has lead to an indeterminate state in the BIG-IP system internal configuration.


An indeterminate configuration state can exist after changing from both versions to just one.


Both v1 and v2 are selected as the IKE version in the ike-peer configuration object.


An indeterminate configuration state after changing from both versions to just one can normally be cleared by restarting tmipsecd (bigstart restart tmipsecd) but may require a reboot the BIG-IP system in order to clear the TMM state.

Fix Information

Ike peer version can take only one value now: -- In the GUI, you can set the version by selecting one option through radio buttons (either v1 or v2). -- In TMSH, You can specify the the version using the 'replace-all-with' option. When trying to set more than one value, an error message is displayed.

Behavior Change