Bug ID 769341: HA failover deletes outstanding IKEv2 SAs along with IKEv1 SAs

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,,,, 15.0.0, 15.0.1,,,,

Fixed In:

Opened: Apr 04, 2019

Severity: 2-Critical


High availability (HA) failover from active to next-active device should delete existing IKEv1 SAs because the IKEv1 racoon daemon terminates on standby. But it should not also delete the IKEv2 SAs at the same time, and it does.


The deletes IKEv2 SAs mirrored for HA. In the event of rapid failover and failback, this issue might result in missing SAs on the active device.


This occurs during failover.



Fix Information

The BIG-IP system no longer deletes IKEv2 SAs upon failover from active to standby, at the same time IKEv1 SAs are deleted.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips