To work around this issue, manually add an IPv6 address for each cluster member in the Gateway Cluster members list in Gateway Cluster Properties. Since XOS V9.7.x only supports increment-per-vap for IPv4 addresses, you can create an IPv6 alias address for each cluster member and add the alias address for each member. As an alternative, you can also enter unused IPv6 addresses for cluster members. Then return to the General Properties page, select (check) IPSec VPN, and click OK. Note:
Make sure that any unused IPv6 addresses you enter are not propagated or advertised to adjacent routers.
To verify that IPSec is enabled, reopen the Gateway Cluster Properties page, and note that IPSec VPN is enabled.