VPN error codes
Under some conditions, multiple IPsec VPN errors can be detected simultaneously and combined in a single log message.
The most significant error is shown as text, and the other detected errors are indicated using a combined (with bitwise OR) hexadecimal error code.
IKE Phase-1 Initiator error: Proposal did not match policy (100002).
Here, the hexadecimal codes
00100000 for “Proposal did not match policy” and
00000002 for “Peer IP address mismatch”) produces the code
00100002 = 100002.
The following table lists codes that are valid for engine software versions 5.0 and later.
| Hex code | Error message |
|---|---|
| 00000020 | Access group mismatch |
| 00008000 | Authentication method mismatch |
| 00020000 | Encapsulation mode mismatch |
| 00000002 | Peer IP address mismatch |
| 00100000 | Proposal did not match policy |
| 00400000 | Remote address not allowed |
| 00000040 | Traffic selector mismatch (local) |
| 00000080 | Traffic selector mismatch (remote) |
| 00200000 | Tunnel type mismatch |
| 00000200 | Remote ID mismatch |
| 00000100
00000004 00000001 |
Internal configuration-related problems. See the other messages to troubleshoot. |