1

UNSUPPORTED_CRITICAL_PAYLOAD

The ePDG sends this code if the Critical Bit exists in the received message and the Payload Type is unrecognized.

4

INVALID_IKE_SPI

The ePDG does not send this code. The ePDG ignores messages with an unrecognized SPI in order to minimize the impact of DoS attacks.

5

INVALID_MAJOR_VERSION

The ePDG sends this code in response to messages with an invalid Major Version. The ePDG supports a CLI command to suppress sending this error notification in response to IKE_SA_INIT Request messages. This is done in order to avoid DoS attacks.

7

INVALID_SYNTAX

The ePDG sends this code upon receiving messages with an inappropriate format, or when necessary payloads are missing. The ePDG does not send this code during IKE_SA_INIT exchanges for an unknown IKE SA. The ePDG sends this code for non-IKEv2 INIT exchanges only (such as IKE_AUTH, CREATE_CHILD_SA, or INFORMATIONAL exchanges). The ePDG also supports a CLI command to suppress sending this error notification. This is done in order to avoid DoS attacks.

9

INVALID_MESSAGE_ID

The ePDG sends this code in INFORMATIONAL Request messages only. The ePDG also supports a CLI command to suppress sending this error notification in response to IKE_SA_INIT Request messages. This is done in order to avoid DoS attacks.

11

INVALID_SPI

The ePDG does not send this code. The ePDG ignores ESP packets with an unrecognized SPI in order to minimize the impact by DoS attacks.

14

NO_PROPOSAL_CHOSEN

The ePDG sends this code when it cannot not choose a proposal from the UE. The ePDG supports a CLI command to suppress sending this code.

17

INVALID_KE_PAYLOAD

The ePDG sends this code when the IKE payload from the UE is invalid.

24

AUTHENTICATION_FAILED

The ePDG sends this code during the EAP authentication when EAP authentication fails.

35

NO_ADDITIONAL_SAS

The ePDG sends this code when a CREATE_CHILD_SA Request message is unacceptable because the ePDG is unwilling to accept any more CHILD SAs on the IKE_SA.

36

INTERNAL_ADDRESS_FAILURE

The ePDG sends this code when the ePDG experiences a failure in address assignment.

37

FAILED_CP_REQUIRED

The ePDG sends this code when the CP payload (CFG_REQUEST) was expected but not received.

38

TS_UNACCEPTABLE

The ePDG sends this code when the TSi and/or TSr parameters contain IP protocol values other than 0.

39

INVALID_SELECTORS

The ePDG does not send this code because the selector range is not checked and ingress filtering is applied instead.

40

TEMPORARY_FAILURE

when it is under collision scenarios as specified in RFC 5996.

41

CHILD_SA_NOT_FOUND

when it is under collision scenarios as specified in RFC 5996.

1

UNSUPPORTED_CRITICAL_PAYLOAD

The ePDG sends an INFORMATIONAL (Delete) message and deletes the session information.

4

INVALID_IKE_SPI

The ePDG ignores the error message and maintain the state of existing SAs.

7

INVALID_SYNTAX

The ePDG sends an INFORMATIONAL (Delete) message and deletes the session information.

9

INVALID_MESSAGE_ID

The ePDG deletes the session information without sending an INFORMATIONAL (Delete) message.

11

INVALID_SPI

When notified in an IKE_SA message, the ePDG sends an INFORMATIONAL (Delete) message and deletes the session information. When notified outside an IKE_SA message, the ePDG ignores the error message and maintain the state for any existing SAs.

39

INVALID_SELECTORS

The ePDG sends an INFORMATIONAL (Delete) message for the IKE SA and deletes the session information.

40

TEMPORARY_FAILURE

On receipt of temporary_failure - If ePDG receives this for a rekey initiated by ePDG, ePDG shall retry rekey after some time.

41

CHILD_SA_NOT_FOUND

On receipt of CHILD_SA_NOT_FOUND - Epdg deletes the CHILDSA existing in ePDG, based on SPI.

16388

NAT_DETECTION_SOURCE_IP

16389

NAT_DETECTION_DESTINATION_IP

16390

COOKIE

16393

REKEY_SA