
Prince
May 07, 2017

Traffic being handled by non-existing VS

Hi All,

 

Strange behavior observed on F5:

1. When we checked the current connections with the below command, there were no connections established even though packet capture was showing traffic.

tmsh show /sys connection cs-client-addr 10.122.240.49

2. When we checked the current connections with the below command, there were no connections established even though packet capture was showing traffic.

tmsh show /sys connection cs-server-addr 203.115.234.152

3. Checked packet capture on F5 and observed traffic being handled by non-existing VS (vpngw_time_vs does not exist on F5)

[root@F5LC01:Active] config tcpdump -s 0 -ni 0.0:n host 203.115.234.152
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0:n, link-type EN10MB (Ethernet), capture size 65535 bytes
20:30:49.909308 IP 10.122.240.49.isakmp > 203.115.234.152.isakmp: isakmp: parent_sa ikev2_init[I] in slot1/tmm0 lis=vpngw_time_vs
20:30:49.909318 IP 211.25.232.217.isakmp > 203.115.234.152.isakmp: isakmp: parent_sa ikev2_init[I] out slot1/tmm0 lis=vpngw_time_vs

4. Statistics of VS men_vpn_vs (which is existing with IP as 203.115.234.152) do not show any traffic coming in.

 

Version of F5 is 10.2.2 HF4.

 

I know this is quite an old version of F5 and definitely needs an upgrade, but I am still trying to understand this behaviour.

 

1 Reply

  • nathe

    Do you have an IPsec tunnel created? If not, do you see the VS vpngw_time_vs in bigip.conf or the running config (tmsh show sys config)?
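
As an added example (not posted by either participant and not F5 code), the following Python parses the `in`/`out slotN/tmmN lis=` trailer from the capture in the question and lists listener names that are missing from a set of configured virtual server names. `CONFIGURED` is an assumed, hand-collected list, and the function names are hypothetical.

```python
import re

# The two packet lines from the capture quoted in the post, one per line.
CAPTURE = """\
20:30:49.909308 IP 10.122.240.49.isakmp > 203.115.234.152.isakmp: isakmp: parent_sa ikev2_init[I] in slot1/tmm0 lis=vpngw_time_vs
20:30:49.909318 IP 211.25.232.217.isakmp > 203.115.234.152.isakmp: isakmp: parent_sa ikev2_init[I] out slot1/tmm0 lis=vpngw_time_vs
"""

# Assumption: virtual server names gathered by hand from the device config.
CONFIGURED = {"men_vpn_vs"}

# timestamp, "IP src > dst:", then the trailer "<in|out> slotN/tmmN lis=<name>".
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): .*?"
    r"\b(?P<dir>in|out) slot(?P<slot>\d+)/tmm(?P<tmm>\d+) lis=(?P<lis>\S*)$"
)

def parse(capture):
    """Yield one dict per packet line that carries the slot/tmm/lis trailer."""
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # banner lines and packets without the trailer
        pkt = m.groupdict()
        # tcpdump prints address.port; drop the final ".port" component.
        pkt["src_ip"] = pkt["src"].rpartition(".")[0]
        pkt["dst_ip"] = pkt["dst"].rpartition(".")[0]
        yield pkt

def summarize(capture, configured):
    """Group (src, dst) pairs by listener name and direction."""
    report = {}
    for pkt in parse(capture):
        entry = report.setdefault(
            pkt["lis"],
            {"configured": pkt["lis"] in configured, "in": set(), "out": set()},
        )
        entry[pkt["dir"]].add((pkt["src_ip"], pkt["dst_ip"]))
    return report

def unknown_listeners(capture, configured):
    """Listener names seen in the capture but absent from the configured set."""
    rep = summarize(capture, configured)
    return sorted(n for n, e in rep.items() if n and not e["configured"])

if __name__ == "__main__":
    for name, entry in summarize(CAPTURE, CONFIGURED).items():
        print(name, entry)
    print("not in config:", unknown_listeners(CAPTURE, CONFIGURED))
```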