Last updated on: June 17 2024.


IPsec is a tricky subject. This troubleshooting guide (TSG) is here to help readers discover more about IPsec and turn troubleshooting into a structured process.

Not covered in this guide:

  • IPsec passthrough - where the BIG-IP is not terminating the tunnel, ie. is not an IPsec peer.

  • Dynamic tunnels - a new feature since 16.1.

  • IPsec interface mode will be covered in more detail later. All of the material in this guide still applies to interface mode.

  • AFM - planned to be covered later.

How To Use This Document

The IPsec TSG breaks the entire subject down into quickly consumable help. Start with the troubleshooting flowchart. Each step in the chart links to a specific page that explain the reasons and methods. To minimise wasted effort, the easier steps come first.

Product Versions

This TSG applies to all current BIG-IP TMOS software, with caveats noted where applicable.

  • 15.1.x

  • 16.1.x

  • 17.1.x

Collaboration Welcome

If you have ideas or suggestions, please leave feedback.