VPN error codes

Under some conditions, multiple IPsec VPN errors can be detected simultaneously and combined in a single log message.

The most significant error is shown as text, and the other detected errors are indicated using a combined (with bitwise OR) hexadecimal error code.

IKE Phase-1 Initiator error: Proposal did not match policy (100002).

Here, the hexadecimal codes

00100000 for “Proposal did not match policy” and

00000002 for “Peer IP address mismatch”) produces the code

00100002 = 100002.

The following table lists codes that are valid for engine software versions 5.0 and later.

Table 1. Hexadecimal error codes in VPN log messages
Hex code Error message
00000020 Access group mismatch
00008000 Authentication method mismatch
00020000 Encapsulation mode mismatch
00000002 Peer IP address mismatch
00100000 Proposal did not match policy
00400000 Remote address not allowed
00000040 Traffic selector mismatch (local)
00000080 Traffic selector mismatch (remote)
00200000 Tunnel type mismatch
00000200 Remote ID mismatch
00000100

00000004

00000001

Internal configuration-related problems. See the other messages to troubleshoot.