Bug ID 964941: IPsec interface-mode tunnel does not initiate or respond after config change

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1

Fixed In:
16.1.0, 15.1.4

Opened: Nov 16, 2020

Severity: 3-Major

Symptoms

After reconfiguring an interface-mode IPsec tunnel, the tunnel may fail to initiate, or fail to negotiate as a Responder.

Impact

Remote networks cannot be reached because BIG-IP refuses to negotiate the IPsec tunnel.

Conditions

-- IPsec interface mode
-- Changing the IPsec tunnel configuration

Workaround

Reboot or restart tmm. For IKEv1 peers, it is also necessary to restart tmipsecd after restarting tmm.

Fix Information

Valid changes to the IPsec tunnel configuration now result in tunnel negotiation taking place.

Behavior Change
