I have IKE (udp/500) traffic coming, and it's getting dropped after i in fw monitor.
Logs show that it was being dropped due to CPearlydrop. I changed early drop optimization to 0 so I can see it in the logs, and it's just bypassing my rule and hitting the default drop any.
[vs_0][fw_33] eth1-01:i[492]: x.x.x.x -> y.y.y.y (UDP) len=492 id=30892
UDP: 500 -> 500
[vs_0][fw_3] eth1-01:i[492]: x.x.x.x -> y.y.y.y (UDP) len=492 id=31502
UDP: 500 -> 500
In my rule, I'm allowing x.x.x.x to y.y.y.y (which is static NAT), with IKE, gIKE, udp/500, udp/4500 all allowed.
Can't figure out what I'm missing here.