OpenSolaris

Bug ID 6284640
Synopsis There should be a way to disable IPsec policy failure messages
State 10-Fix Delivered (Fix available in build)
Category:Subcategory network:ipsec
Keywords IPsec | ipsec_policy_log_interval | policy | secure
Responsible Engineer Mark Fenwick
Reported Against 5.8 , s10_b74l2a , solaris_10u4
Duplicate Of
Introduced In
Commit to Fix snv_37
Fixed In snv_37
Release Fixed solaris_nevada(snv_37) , solaris_10u4(s10u4_01) (Bug ID:2144105)
Related Bugs 6310475 , 6422676 , 6620236
Submit Date 13-June-2005
Last Update Date 3-April-2006
Description
Error messages such as this can appear in the system console / messages file:

Jun 12 19:56:21 mutiny ip: [ID 528025 kern.error] ipsec_check_global_policy: Policy Failure for the incoming packet (not secure); Source 129.156.173.137, Destination 129.156.173.078.
Jun 12 19:56:31 mutiny ip: [ID 737791 kern.error] ipsec_check_global_policy: Policy Failure for the incoming packet (not secure); Source 127.000.000.001, Destination 127.000.000.001.
Jun 13 03:18:56 mutiny last message repeated 4 times


The cause of the messages is IPsec: this system received a clear-text packet,
but the IPsec policy on this system only allows IPsec-protected packets, so the
system discards the packet. To stop the system logging itself to death, there
is a rate-limiting function which will only log a message every ipsec_policy_log_interval milliseconds.

The default value for ipsec_policy_log_interval is 1000 ( one second ).

In certain configurations, messages like this are expected, and after a while
too many messages will start to become annoying and fill up the messages file.

This value can be tuned with ndd up to 999999 milliseconds ( just over 16 minutes ),
but can't actually be disabled. This is a request to allow the systems administrator to turn off these messages should they wish.

Suggest (ipsec_policy_log_interval == 0) means messages off.

 xxxxx@xxxxx.com 2005-06-13 15:39:57 GMT
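The following is an added illustration of the behaviour described in the report, not code from OpenSolaris or from the reporter: a model of the per-interval rate limiter for policy-failure messages, extended with the proposed "interval 0 means messages off" semantics. The name ipsec_policy_log_interval and the 999999 upper bound come from the report; the struct, function names, simulated clock and sample addresses are this example's own assumptions. Suppressed failures are still counted even when messages are off, so an administrator who silences the log does not lose visibility of how many clear-text packets policy is dropping.

```c
#include <stdint.h>
#include <stdio.h>

#define POLICY_LOG_INTERVAL_MAX 999999u   /* upper bound the report gives for ndd */

/* Hypothetical logger state (not the kernel's data structure). interval_ms plays
 * the role of ipsec_policy_log_interval; 0 is the proposed "messages off" value. */
typedef struct {
    uint32_t interval_ms;   /* minimum spacing between messages, 0 = disabled */
    uint64_t last_log_ms;   /* time of the last emitted message */
    uint64_t emitted;       /* messages actually written to the console */
    uint64_t suppressed;    /* policy failures seen but not logged */
    int      have_logged;   /* the first failure has no predecessor to compare to */
} policy_logger_t;

void policy_logger_init(policy_logger_t *pl, uint32_t interval_ms) {
    pl->interval_ms = interval_ms;
    pl->last_log_ms = 0;
    pl->emitted = 0;
    pl->suppressed = 0;
    pl->have_logged = 0;
}

/* Mirrors the tunable's range: 0..999999 accepted, larger values rejected (-1). */
int policy_logger_set_interval(policy_logger_t *pl, uint32_t interval_ms) {
    if (interval_ms > POLICY_LOG_INTERVAL_MAX)
        return -1;
    pl->interval_ms = interval_ms;
    return 0;
}

/* Helper for checking the range rule without touching a shared logger. */
int interval_accepted(uint32_t interval_ms) {
    policy_logger_t pl;
    policy_logger_init(&pl, 1000);
    return policy_logger_set_interval(&pl, interval_ms);
}

/* Called once per packet discarded by global policy. Returns 1 if a message
 * should be written now, 0 if it is rate-limited or logging is disabled.
 * Suppressed failures are counted either way so the drop rate stays observable. */
int policy_failure_should_log(policy_logger_t *pl, uint64_t now_ms) {
    if (pl->interval_ms == 0) {            /* proposed semantics: messages off */
        pl->suppressed++;
        return 0;
    }
    if (!pl->have_logged || now_ms - pl->last_log_ms >= pl->interval_ms) {
        pl->have_logged = 1;
        pl->last_log_ms = now_ms;
        pl->emitted++;
        return 1;
    }
    pl->suppressed++;
    return 0;
}

/* Constructed traffic: n clear-text packets, one every step_ms, all rejected by
 * policy. Returns the number of messages that would reach the console. */
uint64_t simulate_burst(uint32_t interval_ms, uint64_t n, uint64_t step_ms) {
    policy_logger_t pl;
    policy_logger_init(&pl, interval_ms);
    for (uint64_t i = 0; i < n; i++) {
        uint64_t now = i * step_ms;
        if (policy_failure_should_log(&pl, now))
            printf("t=%llums ipsec_check_global_policy: Policy Failure for the incoming "
                   "packet (not secure); Source 192.0.2.10, Destination 192.0.2.20.\n",
                   (unsigned long long)now);   /* constructed sample addresses */
    }
    printf("interval=%u ms: %llu logged, %llu suppressed\n", interval_ms,
           (unsigned long long)pl.emitted, (unsigned long long)pl.suppressed);
    return pl.emitted;
}

int main(void) {
    simulate_burst(1000, 5001, 10);   /* default: at most one message per second */
    simulate_burst(0, 5001, 10);      /* proposed: messages off, drops still counted */
    return 0;
}
```

With the default 1000 ms interval, a 50 second burst of one packet every 10 ms produces 51 console lines; with the proposed value 0 it produces none, while the suppressed counter still records all 5001 discarded packets.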
Work Around
N/A
Comments
N/A