IPsec policy creation - lost access

Hi

I just made a change in my IPsec policy, in fact not even a change … created a new one, just testing really … but I forgot to click safe mode … and since applying the policy I've lost 100% connectivity to the box - it's on an AWS instance …

Have I dropped a massive howler and pretty much blocked all access into my server and now need to completely rebuild, or is there a glimmer of hope I could get back on?

All I set in the policy was a new source address of the public IP of the AWS instance.

Thanks in advance for any answers - but stuck!!

If the policy had the (implicit) action=encrypt and you can get to the remote IPsec peer and disable IPsec communication with your router on it, the policy will become inactive and you’ll be able to log in (and disable/remove/fix the policy). If the policy has a different action, or if you cannot disable the IPsec tunnel at the remote end, or if you depend on that tunnel to access your router, you’re out of luck.

Another possibility might be to assign a different public address to the router if it gets it from the virtualization platform by DHCP.

If you cannot access the remote peer but can disable traffic between your locked out router and that peer’s IP address on some intermediate box, doing so is another way to shut down the tunnel.
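An added example, not from either poster, of why a policy like the one described locks you out and of a timed rollback you can wrap around such changes when Safe Mode (Ctrl-X in the terminal, the Safe Mode button in Winbox) is not available to you. It assumes RouterOS v7 command syntax; 203.0.113.10 (the router's public address), 198.51.100.20 (the remote peer), the peer entry name site-b, the subnets 10.0.1.0/24 and 10.0.2.0/24 and the comment tag "testing" are all made up for the illustration.

```routeros
# Added example, not part of the original thread. Addresses, peer name and
# comment tag are hypothetical; syntax is RouterOS v7.

# What the post describes: only src-address was set. Every other field keeps
# its default, so this reads as "encrypt all traffic from the public address
# to anywhere" (dst-address defaults to 0.0.0.0/0, action to encrypt).
# Management sessions to that address are caught by it as well, which is the
# lockout the poster hit.
#
#   /ip ipsec policy add src-address=203.0.113.10/32 peer=site-b
#
# A policy that selects only the traffic meant for the tunnel leaves the
# router's own management traffic alone:

# 1. Schedule a one-shot rollback that fires in 5 minutes unless cancelled.
#    It removes every policy tagged "testing" and then removes itself.
/system scheduler add name=ipsec-rollback interval=5m \
    on-event="/ip ipsec policy remove [find comment=\"testing\"]; \
              /system scheduler remove ipsec-rollback"

# 2. Apply the policy under test with a narrow selector (tunnel subnets only).
/ip ipsec policy add src-address=10.0.1.0/24 dst-address=10.0.2.0/24 \
    tunnel=yes action=encrypt peer=site-b comment="testing"

# 3. Confirm from a fresh session that you can still reach the router, then
#    cancel the rollback. If the session dies instead, the scheduler removes
#    the policy on its own and access returns without a rebuild.
/system scheduler remove ipsec-rollback
```

The rollback only helps if it is created before the change; once locked out, the choices are the ones the answer lists (stop the tunnel at the peer or on a box in the path, or change the router's address). Note that the scheduler removes the tagged policies but not the peer or identity entries, so keep the comment tag on exactly the objects you want undone.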