Last Modified: Apr 17, 2024
Affected Product(s):
BIG-IP All, Install/Upgrade
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2
Opened: Oct 18, 2019 Severity: 2-Critical
When a 'net ipsec ike-peer' object has the version attribute with more than one value, upgrading to version 15.1.0 results in a failed upgrade.
Upgrading to version 15.1.0, which allows only one value for the version attribute, results in a failed upgrade/config load error.
The version attribute has two values, in this example, 'v1' and 'v2.' net ipsec ike-peer test { my-cert-file default.crt my-cert-key-file default.key my-id-value 38.38.38.64 peers-id-value 38.38.38.38 phase1-auth-method rsa-signature phase1-encrypt-algorithm 3des phase1-hash-algorithm sha256 prf sha256 remote-address 38.38.38.38 traffic-selector { /Common/homer2 } version { v1 v2 } }
Before upgrading, modify your config so that the version attribute has only one value for the version attribute.
None
IKE-Peer version attribute can have only one version value now, either 'v1' or 'v2,' but not both in version 15.1.0.