Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
To mitigate this vulnerability, you can disable the anonymous IPsec IKE peer listener (if not in use). However, if you want to use the anonymous listener, you should ensure that the Verify Certificate option is enabled, or configure the Authentication Method option to use the Preshared Key method if certificates are not in use. To do so, perform the following procedures:
Disabling the anonymous IPsec IKE peer listener
Enabling the Verify Certificate option for the anonymous IPsec IKE peer listener
Configuring the Authentication Method option to use the Preshared Key method for the anonymous IPsec IKE peer listener
Disabling the anonymous IPsec IKE peer listener
Impact of action: The BIG-IP system will no longer listen for IPsec IKE peers unless another peer listener has been configured.
Enabling the Verify Certificate option for the anonymous IPsec IKE peer listener
Impact of action: IPsec IKE peers will be required to provide a valid certificate or negotiation will fail.
Enabling the Verify Peer Certificate option allows you to configure the following:
* Trusted Certificate Authorities
* Certificate Revocation List (CRL)
* Peer Certificate
Configuring the Authentication Method option to use the Preshared Key method for the anonymous IPsec IKE peer listener
Impact of action: IPsec IKE peers will be required to provide the specified preshared key or negotiation will fail.
Selecting the Preshared Key method provides the following fields:
* **Preshared Key**
* **Verify Preshared Key**
5. In the **Preshared Key** field, enter the string that IKE peers will share for authenticating each other.
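To confirm that one of the three mitigations above is actually in effect, the following added example (not F5 code) audits a saved listing of IKE peer configuration. It assumes stanzas in the style of `tmsh list net ipsec ike-peer` and the property names `state`, `phase1-auth-method` and `verify-cert`; confirm these against your BIG-IP version before relying on the result.

```python
import re

# Constructed sample in the style of `tmsh list net ipsec ike-peer`.
# Property names are assumptions; verify them on your BIG-IP version.
SAMPLE = """\
net ipsec ike-peer anonymous {
    phase1-auth-method rsa-signature
    state enabled
    verify-cert false
}
net ipsec ike-peer site-b {
    phase1-auth-method pre-shared-key
    state enabled
}
"""

def parse_ike_peers(text):
    """Return {peer_name: {property: value}}, ignoring nested stanzas."""
    peers, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"net ipsec ike-peer (\S+) \{$", line)
        if m and depth == 0:
            current, depth = peers.setdefault(m.group(1), {}), 1
        elif line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
            if depth == 0:
                current = None
        elif current is not None and depth == 1 and line:
            key, _, value = line.partition(" ")
            current[key] = value.strip()
    return peers

def audit(text, name="anonymous"):
    """Check the named listener against the advisory's three mitigations."""
    props = parse_ike_peers(text).get(name)
    if props is None:
        return "ok: no %s listener configured" % name
    if props.get("state") == "disabled":
        return "ok: listener disabled"
    if props.get("phase1-auth-method") == "pre-shared-key":
        return "ok: preshared key authentication"
    if props.get("verify-cert") == "true":
        return "ok: certificate verification enabled"
    return "at risk: certificate authentication without Verify Certificate"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A listener whose properties are missing from the listing is reported as at risk, so an incomplete capture fails closed rather than passing silently.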
Supplemental Information
support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html
support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html
support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html