Bug ID 964941: IPsec interface-mode tunnel does not initiate or respond after config change

Last Modified: Jan 20, 2023

Affected Product:
BIG-IP TMOS(all modules)

Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1

Fixed In:
16.1.0, 15.1.4

Opened: Nov 16, 2020
Severity: 3-Major

Symptoms

After reconfiguring an interface-mode IPsec tunnel, the IPsec tunnel may fail to initiate or negotiate as a Responder.

Impact

Remote networks cannot be reached because BIG-IP refuses to negotiate the IPsec tunnel.

Conditions

-- IPsec interface mode
-- Changing the IPsec tunnel configuration

Workaround

Reboot or restart tmm. For IKEv1 peers, it is also necessary to restart tmipsecd after restarting tmm.

Fix Information

Valid changes to the IPsec tunnel configuration now result in tunnel negotiation taking place.

Behavior Change