Operational Defect Database
BugZero found this defect 314 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
F5 | 1126561
Connections over IPsec fail when hardware acceleration in fastl4 is enabled
Last update date:
4/26/2024
Affected products:
BIG-IP
BIG-IP TMOS
Affected releases:
14.1.4
14.1.4.1
14.1.4.2
14.1.4.3
14.1.4.4
14.1.4.5
14.1.4.6
14.1.5
14.1.5.1
14.1.5.2
14.1.5.3
14.1.5.4
Fixed releases:
No fixed releases provided.
Description:
Bug ID 1126561: Connections over IPsec fail when hardware acceleration in fastl4 is enabled ... Connections through the IPsec tunnel do not work. ... Conditions ... - rSeries and VELOS platform. - PVA acceleration is enabled in the fastL4 profile of the IPsec virtual on the responder BIG-IP. ... Workaround ... Disable PVA acceleration in the relevant fastL4 profile. ... PVA acceleration cannot be performed on flows going into or coming out of IPsec. ... This workaround returns the functionality as it was designed. ... F5 recommends creating Virtual Servers to specifically catch flows that go over IPsec tunnels. ... If a generic Virtual Server uses a fastL4 profile with acceleration disabled, then non-IPsec flows that could be accelerated will not be. ... Fix Information
