Last Modified: Mar 16, 2020
See more info
Known Affected Versions:
14.1.0, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 14.1.2, 184.108.40.206, 220.127.116.11, 18.104.22.168, 15.0.0, 15.0.1, 22.214.171.124, 126.96.36.199
Opened: Apr 04, 2019
High availability (HA) failover from active to next-active device should delete existing IKEv1 SAs because the IKEv1 racoon daemon terminates on standby. But it should not also delete the IKEv2 SAs at the same time, and it does.
The deletes IKEv2 SAs mirrored for HA. In the event of rapid failover and failback, this issue might result in missing SAs on the active device.
This occurs during failover.
The BIG-IP system no longer deletes IKEv2 SAs upon failover from active to standby, at the same time IKEv1 SAs are deleted.