Netgate Discussion Forum

    IPSEC not connecting all of a sudden

    richbry1

      All of a sudden I cannot connect to IPsec. Where can I find out what the rule codes mean? The networking guys say it's on my end, I say BULL!

      Feb 11 08:42:17 pf: 99.166.166.227.500 > 64.147.106.240.500: isakmp 1.0 msgid : phase 1 I agg: [|sa]
      Feb 11 08:42:17 pf: 00:00:05.001229 rule 1/0(match): block in on dc0: (tos 0x0, ttl 38, id 33381, offset 0, flags [none], proto UDP (17), length 1189)
      Feb 11 08:42:12 pf: 99.166.166.227.500 > 64.147.106.240.500: isakmp 1.0 msgid : phase 1 I agg: [|sa]
      Feb 11 08:42:12 pf: 00:00:05.013017 rule 1/0(match): block in on dc0: (tos 0x0, ttl 38, id 33381, offset 0, flags [none], proto UDP (17), length 1189)
      Feb 11 08:42:07 pf: 99.166.166.227.500 > 64.147.106.240.500: isakmp 1.0 msgid : phase 1 I agg: [|sa]
      Feb 11 08:42:07 pf: 00:00:04.997553 rule 1/0(match): block in on dc0: (tos 0x0, ttl 38, id 33381, offset 0, flags [none], proto UDP (17), length 1189)
      Feb 11 08:42:02 pf: 99.166.166.227.500 > 64.147.106.240.500: isakmp 1.0 msgid : phase 1 I agg: [|sa]
      Feb 11 08:42:02 pf: 00:05:30.695009 rule 1/0(match): block in on dc0: (tos 0x0, ttl 37, id 33381, offset 0, flags [none], proto UDP (17), length 1189)

      jimp, Netgate developer

        If you look at the parsed log (not the raw log) in the GUI, click the 'x' at the start of the line and it will tell you what rule matched.

        Guessing it's the default block rule, which would make sense in this case only if their IP changed on the tunnel. Check the IPs in the log message there against what is configured on the IPsec tunnel.

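The check jimp describes (read the blocking rule number off the log, then compare the addresses in the blocked packet with the peer configured on the tunnel) can be scripted against the raw log. The following is an added example, not code from the thread or from pfSense. It assumes the two-line raw pf log format shown in the post, where the "rule N/M(match): block in on <iface>" line and the packet line carry the same timestamp (modern pfSense filterlog output is a different, single-line format and would need a different parser). The sample log is the eight lines quoted above; the configured peer and WAN addresses passed in are assumed values taken from those lines, and 203.0.113.9 is a documentation-range placeholder used to show the mismatch case. Pairing lines by timestamp is a heuristic: two events in the same second would be merged, so treat the output as a triage aid rather than an exact reconstruction.

```python
"""Pair raw pfSense pf log lines and check blocked IKE traffic against the configured IPsec peer.

Added example; assumes the old two-line raw log format (rule line + packet line per event).
"""
import re
from collections import Counter, OrderedDict

# Constructed sample input: the raw-log lines quoted in the post above.
RAW_LOG = """\
Feb 11 08:42:17 pf: 99.166.166.227.500 > 64.147.106.240.500: isakmp 1.0 msgid : phase 1 I agg: [|sa]
Feb 11 08:42:17 pf: 00:00:05.001229 rule 1/0(match): block in on dc0: (tos 0x0, ttl 38, id 33381, offset 0, flags [none], proto UDP (17), length 1189)
Feb 11 08:42:12 pf: 99.166.166.227.500 > 64.147.106.240.500: isakmp 1.0 msgid : phase 1 I agg: [|sa]
Feb 11 08:42:12 pf: 00:00:05.013017 rule 1/0(match): block in on dc0: (tos 0x0, ttl 38, id 33381, offset 0, flags [none], proto UDP (17), length 1189)
Feb 11 08:42:07 pf: 99.166.166.227.500 > 64.147.106.240.500: isakmp 1.0 msgid : phase 1 I agg: [|sa]
Feb 11 08:42:07 pf: 00:00:04.997553 rule 1/0(match): block in on dc0: (tos 0x0, ttl 38, id 33381, offset 0, flags [none], proto UDP (17), length 1189)
Feb 11 08:42:02 pf: 99.166.166.227.500 > 64.147.106.240.500: isakmp 1.0 msgid : phase 1 I agg: [|sa]
Feb 11 08:42:02 pf: 00:05:30.695009 rule 1/0(match): block in on dc0: (tos 0x0, ttl 37, id 33381, offset 0, flags [none], proto UDP (17), length 1189)
"""

TS = r'(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})'
IPV4 = r'\d{1,3}(?:\.\d{1,3}){3}'
# "pf: <delta> rule N/M(reason): block in on iface: (ip header fields)"
RULE_RE = re.compile(
    TS + r' pf: [\d:.]+ rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>[^)]+)\): '
    r'(?P<action>pass|block) (?P<direction>in|out) on (?P<iface>\w+): \((?P<hdr>.*)\)$')
# "pf: src.port > dst.port: payload"
PKT_RE = re.compile(
    TS + r' pf: (?P<src>' + IPV4 + r')\.(?P<sport>\d+) > '
    r'(?P<dst>' + IPV4 + r')\.(?P<dport>\d+): (?P<payload>.*)$')
PROTO_RE = re.compile(r'proto (?P<name>\w+) \((?P<num>\d+)\)')
LEN_RE = re.compile(r'length (?P<len>\d+)')

IKE_PORTS = {500, 4500}   # IKE and NAT-T; both must be allowed inbound on the WAN for IPsec


def parse_pflog(text):
    """Merge the rule line and packet line that share a timestamp into one event dict."""
    events = OrderedDict()   # keeps log order (newest first, as the GUI shows it)
    for line in text.splitlines():
        line = line.strip()
        m = RULE_RE.match(line)
        if m:
            ev = events.setdefault(m['ts'], {'ts': m['ts']})
            ev.update(rule=int(m['rule']), subrule=int(m['sub']), reason=m['reason'],
                      action=m['action'], direction=m['direction'], iface=m['iface'])
            pm, lm = PROTO_RE.search(m['hdr']), LEN_RE.search(m['hdr'])
            ev['proto'] = pm['name'] if pm else None
            ev['length'] = int(lm['len']) if lm else None
            continue
        m = PKT_RE.match(line)
        if m:
            ev = events.setdefault(m['ts'], {'ts': m['ts']})
            ev.update(src=m['src'], sport=int(m['sport']), dst=m['dst'],
                      dport=int(m['dport']), payload=m['payload'])
    return list(events.values())


def check_ipsec_blocks(events, configured_peer, wan_address):
    """Classify each blocked IKE packet relative to the tunnel's configured peer address."""
    findings = []
    for ev in events:
        if ev.get('action') != 'block' or ev.get('proto') != 'UDP' or ev.get('dport') not in IKE_PORTS:
            continue
        if ev['dst'] != wan_address:
            verdict = 'not-our-wan'               # addressed elsewhere; unrelated to this tunnel
        elif ev['src'] == configured_peer:
            verdict = 'configured-peer-blocked'   # peer is right: the rule set itself drops IKE
        else:
            verdict = 'peer-mismatch'             # the remote side is coming from a different IP
        findings.append({'ts': ev['ts'], 'src': ev['src'], 'dst': ev['dst'],
                         'dport': ev['dport'], 'rule': ev['rule'], 'iface': ev['iface'],
                         'verdict': verdict})
    return findings


def summarize(findings):
    """Count findings per verdict and per blocking rule, for a one-glance triage."""
    return {'by_verdict': dict(Counter(f['verdict'] for f in findings)),
            'by_rule': dict(Counter(f['rule'] for f in findings))}


if __name__ == '__main__':
    evs = parse_pflog(RAW_LOG)
    # Assumed values: the peer and WAN addresses as they appear in the quoted log.
    for f in check_ipsec_blocks(evs, configured_peer='99.166.166.227', wan_address='64.147.106.240'):
        print(f"{f['ts']} rule {f['rule']} on {f['iface']}: {f['src']} -> {f['dst']}:{f['dport']} [{f['verdict']}]")
    print(summarize(check_ipsec_blocks(evs, '99.166.166.227', '64.147.106.240')))
```

With the peer set to the address actually seen in the log, every event comes back as configured-peer-blocked, which points at the rule set (here rule 1, the one jimp suspects is the default block) rather than at the far end; if the tunnel were configured for some other address, the same events would come back as peer-mismatch, which is the "their IP changed" case.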
          richbry1

          Thanks for the quick response. The networking guys are not playing nice. They screwed up and are not fessing up.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.