VPN error codes
Under some conditions, multiple IPsec VPN errors can be detected simultaneously and combined in a single log message.
The most significant error is shown as text, and the other detected errors are indicated using a combined (with bitwise OR) hexadecimal error code.
IKE Phase-1 Initiator error: Proposal did not match policy (100002).
Here, the hexadecimal codes
00100000 for “Proposal did not match policy” and
00000002 for “Peer IP address mismatch”) produces the code
00100002 = 100002.
The following table lists codes that are valid for engine software versions 5.0 and later.
Hex code | Error message |
---|---|
00000020 | Access group mismatch |
00008000 | Authentication method mismatch |
00020000 | Encapsulation mode mismatch |
00000002 | Peer IP address mismatch |
00100000 | Proposal did not match policy |
00400000 | Remote address not allowed |
00000040 | Traffic selector mismatch (local) |
00000080 | Traffic selector mismatch (remote) |
00200000 | Tunnel type mismatch |
00000200 | Remote ID mismatch |
00000100
00000004 00000001 |
Internal configuration-related problems. See the other messages to troubleshoot. |