Bug ID 756402: Re-transmitted IPsec packets can have garbled contents

Last Modified: Jul 07, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,, 13.1.0,,,,,,,,, 13.1.1,,,,, 14.0.0,,,,,, 14.0.1, 14.1.0,,,,

Fixed In:,, 13.1.3

Opened: Jan 24, 2019
Severity: 2-Critical


Before re-transmitting a packet, it is discovered to be garbled, mainly in the form of having physical length that no longer matches the logical length recorded inside the packet.


Likely tunnel outage until re-established.


Possibly rare condition that might cause packet freeing while still in use.


No workaround is known at this time.

Fix Information

This release adds checksums to verify IPsec packets are not altered between first creation and later re-transmission.

Behavior Change