>
    Strata Copilot
    Tunnel Creation Failure - IPSec IKE SA Failure
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. NGFW Incidents Reference
    4. Tunnel Creation Failure - IPSec IKE SA Failure
    Download PDF
    Next-Generation Firewall

    Tunnel Creation Failure - IPSec IKE SA Failure

    Table of Contents

    Tunnel Creation Failure - IPSec IKE SA Failure

    Incident Code
    INC_NGFW_TUNNEL_IKE_FAILURE
    Severity
    Warning
    Category
    Network and Traffic
    Subcategory
    Site/Tunnel
    Description
    IPSec IKEv1 Phase1 and IKEv2 SA Failure
    Raise Condition
    The Incident is created when IKEv1 Phase 1 or IKEv2 SA negotiation steps fail.
    Clear Condition
    When the tunnel IKEv1 or IKE v2 SA negotiation succeeds (OR) When the tunnel associated is established
    Probable Root Cause Incident
    "INC_NGFW_TUNNEL_DOWN",
    "INC_NGFW_TUNNEL_DOWN_BY_IKEV1_AUTH_FAILURE",
    "INC_NGFW_TUNNEL_DOWN_BY_IKEV2_AUTH_FAILURE",
    "INC_NGFW_TUNNEL_IKE_MAX_RETRANSMISSION_REACHED",
    "INC_NGFW_TUNNEL_IKE_RSA_SCHEME_MISMATCH",
    "INC_NGFW_TUNNEL_IKE_V1_PEER_IDENTIFICATION_MISMATCH",
    "INC_NGFW_TUNNEL_IKE_V2_CRYPTO_MISMATCH",
    "INC_NGFW_TUNNEL_IKE_V2_CRYPTO_PROFILE_MISMATCH",
    "INC_NGFW_TUNNEL_IKE_V2_PEER_IDENTIFICATION_MISMATCH",
    "INC_NGFW_TUNNEL_IKEV1_CRYPTO_MISMATCH",
    "INC_NGFW_TUNNEL_IPSEC_TRAFFIC_SELECTOR_MISCONFIG",
    "INC_NGFW_TUNNEL_FLAPPING"

    © 2026 Palo Alto Networks, Inc. All rights reserved.