Bug ID 757722: Unknown notify message types unsupported in IKEv2

Last Modified: Sep 11, 2019


Affected Product:
BIG-IP TMOS (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 15.0.0, 15.0.1

Fixed In:
14.1.0.6, 13.1.3

Opened: Feb 05, 2019
Severity: 2-Critical

Symptoms

IKE negotiation fails when an unrecognized notify payload type is seen in a message processed by IKEv2.

Impact

Negotiation fails with an aborted connection, preventing tunnel creation.

Conditions

Receiving an IKE message that contains a notify payload whose numeric type value is unrecognized by IKEv2.

Workaround

The peer can suppress notify payloads carrying advisory values that IKEv2 on the BIG-IP system rejects.

Fix Information

All unknown notify types are now logged and then ignored.
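
The log-and-ignore handling described above, sketched as an added example (not F5's code). It assumes the RFC 7296 generic payload header and Notify payload layout; `parse_notifies`, `notify`, the `KNOWN_TYPES` subset and the sample bytes are constructed for illustration. Malformed lengths are still rejected, which is a separate case from a well-formed payload with an unrecognized type.

```python
import logging
import struct

log = logging.getLogger("ikev2.notify")

NOTIFY_PAYLOAD = 41  # IKEv2 payload type number for Notify (RFC 7296)
KNOWN_TYPES = {      # small illustrative subset of RFC 7296 notify types
    14: "NO_PROPOSAL_CHOSEN",
    24: "AUTHENTICATION_FAILED",
    16384: "INITIAL_CONTACT",
    16388: "NAT_DETECTION_SOURCE_IP",
    16389: "NAT_DETECTION_DESTINATION_IP",
}

def parse_notifies(first_payload, data):
    """Walk a payload chain; return (recognized, ignored) notify types.

    Unknown notify types are logged and skipped rather than aborting the
    exchange. Malformed lengths still raise ValueError.
    """
    recognized, ignored = [], []
    ptype, off = first_payload, 0
    while ptype != 0:
        if off + 4 > len(data):
            raise ValueError("truncated generic payload header")
        next_type, _flags, length = struct.unpack_from("!BBH", data, off)
        if length < 4 or off + length > len(data):
            raise ValueError("bad payload length")
        if ptype == NOTIFY_PAYLOAD:
            body = data[off + 4:off + length]
            if len(body) < 4:
                raise ValueError("notify payload too short")
            _proto, spi_size, ntype = struct.unpack_from("!BBH", body)
            if 4 + spi_size > len(body):
                raise ValueError("SPI overruns notify payload")
            if ntype in KNOWN_TYPES:
                recognized.append(ntype)
            else:
                kind = "error" if ntype < 16384 else "status"
                log.warning("ignoring unknown notify type %d (%s range)", ntype, kind)
                ignored.append(ntype)
        ptype, off = next_type, off + length
    return recognized, ignored

def notify(next_type, ntype, payload=b""):
    """Build one constructed Notify payload with no SPI."""
    body = struct.pack("!BBH", 0, 0, ntype) + payload
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body

# Constructed sample: known type, a type absent from the table, known type.
SAMPLE = notify(41, 16388, b"\x00" * 20) + notify(41, 40961) + notify(0, 16389, b"\x00" * 20)
```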

Behavior Change