For the past few days I have been watching IPSEC ESP authentication failures on my firewall. The firewall sits behind a Cisco 7200 router which is configured with a UDP control plane policy (below) - DOS protection. The IOS running on the router is Version 12.4(25b). The VPN continues to pass traffic without any problems though. I have a feeling the policy is affecting IPSEC traffic. I'm still doing research. Has anyone witnessed this issue before?
I cleared the UDP ACL counter to see if the counter was incrementing at an abnormal rate. At the moment it is not. How can I reset the control-plane policy counter?
class-map match-all UDP
match access-group name UDP
police 16000 conform-action transmit exceed-action drop violate-action drop
ip access-list extended UDP
permit udp any any
service-policy input Control-Plane