For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kandregg_49068's avatar
kandregg_49068
Icon for Nimbostratus rankNimbostratus
Aug 11, 2015

IPSec protocol 50 unreachable

IPSec protocol 50 unreachable

 

anyone see this before?

 

13:18:12.263595 IP 166.130.153.10.500 > 134.186.111.134.500: isakmp: phase 1 I ident 13:18:13.492500 IP 166.130.152.195 > 134.186.111.134: ESP(spi=0xdaae26d3,seq=0xe5), length 100 13:18:13.493080 IP 134.186.111.131 > 166.130.152.195: ICMP 134.186.111.131 protocol 50 unreachable, length 128

 

application delivery
ASM Advanced WAF
BIG-IP Access Policy Manager (APM)
LTM
security

2 Replies

  • Rob_Stonham's avatar
    Rob_Stonham
    Icon for Cirrus rankCirrus
    Feb 11, 2016

    Hi,

    You don't say which end is which so I'm assuming that 134.186.11.134 is your local end and 166.130.152.195 is the remote end. This looks like the remote end is blocking ESP traffic. Myself and Victor recently come across a similar issue, but it was our local F5 BIG-IP that was generating the ICMP protocol 50 unreachable response.

    I found that in our case the BIG-IP had wrong setting:

     tmsh list sys db ipsec.lookupspi
sys db ipsec.lookupspi {
    value "disable"
}

    As in our case the BIG-IP was the IPSEC endpoint we needed to change the setting to:

     tmsh list sys db ipsec.lookupspi
sys db ipsec.lookupspi {
    value "enable"
}

    using the command:

     tmsh modify sys db ipsec.lookupspi value enable
 tmsh save sys config

    The KB article SOL14169 shows that the setting may need disabling if the BIG-IP is NOT terminating the IPSEC traffic, but this implies that if the BIG-IP IS terminating IPSEC traffic the setting needs to be enabled.