
V-266282

CAT II (Medium)

The IPsec BIG-IP appliance must use IKEv2 for IPsec VPN security associations.

Rule ID

SV-266282r1024757_rule

STIG

F5 BIG-IP TMOS VPN Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000382

Discussion

To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols on information systems. Use of IKEv2 leverages denial of service (DoS) protections because of improved bandwidth management and leverages more secure encryption algorithms.

Check Content

From the BIG-IP GUI:
1. Network.
2. IPsec.
3. IKE Peers.
4. Click on the name of the IKE peer.
5. Verify "Version 2" is selected for "Version".

If the BIG-IP appliance is not configured to use IKEv2 for IPsec VPN security associations, this is a finding.
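
The same check can be run across every IKE peer at once from saved configuration text. The script below is an added example, not part of the STIG or of F5 documentation; it assumes the stanza layout printed by `tmsh list net ipsec ike-peer` (one `version { ... }` line per peer), and the peer names and addresses in the sample are constructed. It flags any peer whose version list is not exactly v2, including peers where no version line is shown, which is a stricter reading than the GUI check spells out.

```python
import re

# Constructed sample; layout assumed to match `tmsh list net ipsec ike-peer`.
SAMPLE_CONFIG = """\
net ipsec ike-peer peer_site_a {
    remote-address 192.0.2.10
    version { v2 }
}
net ipsec ike-peer peer_site_b {
    remote-address 192.0.2.20
    version { v1 }
}
net ipsec ike-peer peer_site_c {
    remote-address 192.0.2.30
    version { v1 v2 }
}
net ipsec ike-peer peer_site_d {
    remote-address 192.0.2.40
}
"""

HEADER = re.compile(r"^net ipsec ike-peer (\S+) \{\s*$")
VERSION = re.compile(r"^\s*version \{([^}]*)\}\s*$")

def ike_peer_versions(config_text):
    """Return {peer_name: [versions]} for each ike-peer stanza found."""
    peers, current, depth = {}, None, 0
    for line in config_text.splitlines():
        if current is None:
            m = HEADER.match(line)
            if m:
                current, depth = m.group(1), 1
                peers[current] = []
            continue
        m = VERSION.match(line)
        if m and depth == 1:  # ignore any "version" inside a nested block
            peers[current] = m.group(1).split()
        depth += line.count("{") - line.count("}")
        if depth == 0:  # closing brace of the stanza
            current = None
    return peers

def v266282_findings(config_text):
    """Peers to review for V-266282: version list is not exactly ['v2']."""
    return {name: versions or ["<not shown>"]
            for name, versions in ike_peer_versions(config_text).items()
            if versions != ["v2"]}

if __name__ == "__main__":
    for peer, versions in v266282_findings(SAMPLE_CONFIG).items():
        print(f"REVIEW {peer}: version = {' '.join(versions)}")
```

A peer reported as `<not shown>` has no version line in the text that was parsed, so confirm its setting in the GUI as described above.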

Fix Text

From the BIG-IP GUI:
1. Network.
2. IPsec.
3. IKE Peers.
4. Click on the name of the IKE peer.
5. Select "Version 2" for "Version".
6. Click "Update".