Bug ID 755997: Non-IPsec listener traffic, i.e. monitoring traffic, can be translated to the wrong source address

Last Modified: Feb 25, 2019

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4

Opened: Jan 18, 2019
Severity: 3-Major

Symptoms

When IPsec traffic is processed by a fastl4 profile that is not related to an IPsec listener, and is sent out via a gateway pool or a dynamic route, the source address of this traffic can be erroneously changed to 127.0.0.x.

Impact

The wrong source address is used.

Conditions

IPsec traffic is processed by a fastl4 profile that is not related to an IPsec listener, and is sent out via a gateway pool or a dynamic route.

Workaround

None

Fix Information

None

Behavior Change