Bug ID 769341: HA failover deletes outstanding IKEv2 SAs along with IKEv1 SAs

Last Modified: Jul 03, 2019

Affected Product:
BIG-IP TMOS (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 15.0.0

Opened: Apr 04, 2019
Severity: 2-Critical

Symptoms

High availability (HA) failover from the active to the next-active device should delete existing IKEv1 SAs, because the IKEv1 racoon daemon terminates on standby. It should not delete the IKEv2 SAs at the same time, but it does.

Impact

This deletes the IKEv2 SAs mirrored for HA. In the event of rapid failover and failback, this issue might result in missing SAs on the active device.

Conditions

This occurs during failover.

Workaround

None.

Fix Information

None

Behavior Change