Bug ID 757722: Unknown notify message types unsupported in IKEv2

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Fixed In:
15.1.0, 14.1.0.6, 14.0.1.1, 13.1.3

Opened: Feb 05, 2019

Severity: 2-Critical

Symptoms

IKE negotiation fails when an unrecognized notify payload type is seen in a message processed by IKEv2.

Impact

Negotiation fails with an aborted connection, preventing tunnel creation.

Conditions

Receiving an IKE message that contains a notify payload whose numeric type value is unrecognized by IKEv2.

Workaround

Configure the peer to suppress notification payloads carrying advisory values that IKEv2 on the BIG-IP system rejects.

Fix Information

All unknown notify types are now logged and then ignored.
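The log-and-ignore behavior described above, sketched as an added example (not F5's code): a walker over an IKEv2 payload chain that rejects only malformed framing and never aborts on an unrecognized notify type. The payload layout and type numbers follow RFC 7296; the names `walk_notifies`, `notify` and the `KNOWN` subset are illustrative assumptions.

```python
import logging
import struct

log = logging.getLogger("ikev2.notify")
NOTIFY = 41  # IKEv2 payload type number for Notify (RFC 7296)
# Small illustrative subset of notify types from RFC 7296; a real stack knows more.
KNOWN = {14: "NO_PROPOSAL_CHOSEN", 24: "AUTHENTICATION_FAILED",
         16388: "NAT_DETECTION_SOURCE_IP", 16389: "NAT_DETECTION_DESTINATION_IP"}


def walk_notifies(first_payload, body):
    """Return (handled, ignored) notify types found in an IKEv2 payload chain.

    Raises ValueError only for malformed framing, never for an unknown type.
    """
    handled, ignored = [], []
    ptype, off = first_payload, 0
    while ptype != 0:
        if off + 4 > len(body):
            raise ValueError("truncated generic payload header")
        next_ptype, _flags, plen = struct.unpack_from("!BBH", body, off)
        if plen < 4 or off + plen > len(body):
            raise ValueError("bad payload length")
        if ptype == NOTIFY:
            if plen < 8:
                raise ValueError("notify payload too short")
            _proto, spi_size, ntype = struct.unpack_from("!BBH", body, off + 4)
            if 8 + spi_size > plen:
                raise ValueError("SPI size exceeds payload")
            if ntype in KNOWN:
                handled.append(ntype)
            else:
                # Log and skip instead of aborting the negotiation.
                kind = "error" if ntype < 16384 else "status"
                log.warning("ignoring unknown %s notify type %d", kind, ntype)
                ignored.append(ntype)
        ptype, off = next_ptype, off + plen
    return handled, ignored


def notify(next_payload, ntype, data=b"", spi=b""):
    """Build one Notify payload (constructed sample input for the demo)."""
    body = struct.pack("!BBH", 0, len(spi), ntype) + spi + data
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed chain: known NAT-D notify, then two types absent from KNOWN.
    chain = notify(NOTIFY, 16388, b"\x00" * 20) + notify(NOTIFY, 40960) + notify(0, 9999)
    print(walk_notifies(NOTIFY, chain))
```

Keeping the length checks separate from the type lookup is what lets an unknown type be skipped safely: the payload length alone tells the walker where the next payload starts.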

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips