All is well, now. It appears that it may have been on XO's network. My crypto tunnel between AT&T and BH crossed XO, and asymmetric routing from my office network had Cogent and XO outgoing, and Level3 on the return. If I forced my office connection to use Level3 for the outbound, the tunnel established immediately. Brighthouse's phone support was a grade F, by the way. Their phone support had me yanked around for an hour, before they finally consulted with Tier3. After relaying the response, which was simply, "BH doesn't filter customer traffic - It must be on your side," I asked to speak with them directly. The person I was speaking to proceeded to tell me that Tier-3 had just closed, and that they would have to call me back. It was 48 hours before I received a call back. Grr. Eric Miller, CCNP Network Engineering Consultant -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Mallette, Edwin J Sent: Monday, August 1, 2016 9:54 AM To: NANOG <nanog@nanog.org> Subject: Re: Brighthouse Orlando Port blocking ISAKMP Hi Erik, We definitely do not filter UDP500 across our network. I¹m going to reach out to you directly to see if I can help figure out what¹s going on. Cheers! Ed On 7/30/16, 11:38 PM, "NANOG on behalf of Eric C. Miller" <nanog-bounces@nanog.org on behalf of eric@ericheather.com> wrote:
Hello!
Subject says it all!!! I cannot open any IPSec tunnels, because UDP 500 is not making it through to my Brighthouse connection. I've tried from Level3, Cogent, and AT&T. Are there any Brighthouse engineers on that would help me shed some light on this?
Thank you,
Eric