Brighthouse Orlando Port blocking ISAKMP

Eric C. Miller eric at
Wed Aug 3 03:38:39 UTC 2016

All is well, now.

It appears that it may have been on XO's network. My crypto tunnel between AT&T and BH crossed XO, and asymmetric routing from my office network had Cogent and XO outgoing, and Level3 on the return. If I forced my office connection to use Level3 for the outbound, the tunnel established immediately.

Brighthouse's phone support was a grade F, by the way. Their phone support had me yanked around for an hour, before they finally consulted with Tier3. After relaying the response, which was simply, "BH doesn't filter customer traffic - It must be on your side," I asked to speak with them directly. The person I was speaking to proceeded to tell me that Tier-3 had just closed, and that they would have to call me back. It was 48 hours before I received a call back.


Eric Miller, CCNP
Network Engineering Consultant

-----Original Message-----
From: NANOG [mailto:nanog-bounces at] On Behalf Of Mallette, Edwin J
Sent: Monday, August 1, 2016 9:54 AM
To: NANOG <nanog at>
Subject: Re: Brighthouse Orlando Port blocking ISAKMP

Hi Erik,

We definitely do not filter UDP500 across our network.  I¹m going to reach out to you directly to see if I can help figure out what¹s going on.



On 7/30/16, 11:38 PM, "NANOG on behalf of Eric C. Miller"
<nanog-bounces at on behalf of eric at> wrote:

>Subject says it all!!! I cannot open any IPSec tunnels, because UDP 500 
>is not making it through to my Brighthouse connection. I've tried from 
>Level3, Cogent, and AT&T. Are there any Brighthouse engineers on that 
>would help me shed some light on this?
>Thank you,

More information about the NANOG mailing list