
V-266282

CAT II (Medium)

The IPsec BIG-IP appliance must use IKEv2 for IPsec VPN security associations.

Rule ID

SV-266282r1024757_rule

STIG

F5 BIG-IP TMOS VPN Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000382

Discussion

To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols on information systems. Use of IKEv2 leverages denial of service (DoS) protections because of improved bandwidth management and leverages more secure encryption algorithms.

Check Content

From the BIG-IP GUI:
1. Network.
2. IPsec.
3. IKE Peers.
4. Click on the name of the IKE peer.
5. Verify "Version 2" is selected for "Version".

If the BIG-IP appliance is not configured to use IKEv2 for IPsec VPN security associations, this is a finding.
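
The same check applied to every IKE peer at once, as an added example that is not part of the STIG or of F5's tooling. It assumes the peer list has been exported as JSON from the iControl REST collection /mgmt/tm/net/ipsec/ike-peer, with each item carrying a "version" list of "v1" and/or "v2"; the sample data is constructed. Treating a peer with both versions selected as "review" rather than a finding is this example's assumption, since the check text only asks that "Version 2" is selected.

```python
import json

# Constructed sample, shaped like an exported ike-peer collection
# (assumed shape: "items", each with a name/fullPath and a "version" list).
SAMPLE = json.loads("""
{"items": [
  {"name": "peer-hq",     "fullPath": "/Common/peer-hq",     "version": ["v2"]},
  {"name": "peer-branch", "fullPath": "/Common/peer-branch", "version": ["v1"]},
  {"name": "peer-dual",   "fullPath": "/Common/peer-dual",   "version": ["v1", "v2"]},
  {"name": "peer-legacy", "fullPath": "/Common/peer-legacy"}
]}
""")


def audit_ike_peers(collection):
    """Split IKE peers into V-266282 findings and peers needing manual review.

    findings: peers where "v2" is absent, or no version is recorded at all
              (IKEv2 cannot be verified from the export).
    review:   peers where "v2" is selected together with another version.
    """
    findings, review = [], []
    for peer in collection.get("items", []):
        name = peer.get("fullPath") or peer.get("name", "<unnamed>")
        versions = peer.get("version")
        if isinstance(versions, str):  # tolerate a scalar instead of a list
            versions = [versions]
        versions = {v.lower() for v in (versions or [])}
        if "v2" not in versions:
            findings.append((name, sorted(versions) or ["unset"]))
        elif versions != {"v2"}:
            review.append((name, sorted(versions)))
    return findings, review


if __name__ == "__main__":
    findings, review = audit_ike_peers(SAMPLE)
    for name, versions in findings:
        print(f"FINDING V-266282: {name} version={','.join(versions)}")
    for name, versions in review:
        print(f"REVIEW: {name} version={','.join(versions)}")
```
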

Fix Text

From the BIG-IP GUI:
1. Network.
2. IPsec.
3. IKE Peers.
4. Click on the name of the IKE peer.
5. Select "Version 2" for "Version".
6. Click "Update".