This information identifies the most common user errors and provides possible resolutions.
This section describes of some of the more common problems that occur with VPN, and links you to tips on how to resolve them.
When you configure VPN, you are actually creating several different configuration objects, each of which VPN requires to enable a connection.
In terms of the VPN GUI, these objects are: The IP Security Policies and the Secure Connections. So, when this information refers to an object, it is referring to one or more of these parts of the VPN.
- VPN error message: TCP5B28
When you attempt to activate filter rules on an interface, you get this message: TCP5B28 CONNECTION_DEFINITION order violation
- VPN error message: Item not found
When you right-click a VPN object and select either Properties or Delete, you get a message that says, Item not found.
- VPN error message: PARAMETER PINBUF IS NOT VALID
When you attempt to start a connection, you get a message that says, PARAMETER PINBUF IS NOT VALID...
- VPN error message: Item not found, Remote key server...
When you select Properties for a dynamic-key connection, you get an error that says that the server cannot find the remote key server you specified.
- VPN error message: Unable to update the object
When you select OK on the property sheet for a dynamic-key group or manual connection, you get a message that tells you the system cannot update the object.
- VPN error message: Unable to encrypt key...
You get a message that says that the system cannot encrypt your keys because the QRETSVRSEC value must be set to 1.
- VPN error message: CPF9821
When you try to expand or open the IP Policies container in iSeries™ Navigator, the CPF9821- Not authorized to program QTFRPRS in QSYS library message appears.
- VPN error: All keys are blank
When you view the properties of a manual connection, all preshared keys and the algorithm keys for the connection are blank.
- VPN error: Sign-on for a different system appears when using Packet Rules
The first time you use the Packet Rules interface in iSeries, a sign-on display appears for a system other than the current one.
- VPN error: Blank connection status in iSeries Navigator window
A connection has no value in the Status column in the iSeries Navigator window.
- VPN error: Connection has enabled status after you stop it
After you stop a connection, the iSeries Navigator window indicates that the connection is still enabled.
- VPN error: 3DES not a choice for encryption
When you are working with an IKE policy transform, data policy transform, or a manual connection, the 3DES encryption algorithm is not a choice.
- VPN error: Unexpected columns display in the iSeries Navigator window
Set up the columns you want to display in the iSeries Navigator window for your VPN connections; then, when you look at it later, different columns display.
- VPN error: Active filter rules fail to deactivate
When you try to deactivate the current set of filter rules, the message, The active rules failed to be deactivated appears in the results window.
- VPN error: The key connection group for a connection changes
When you create a dynamic-key connection, you specify a dynamic-key group and an identifier for the remote key server. Later, when you view the properties of the related connection object, the General page of the property sheet displays the same remote key server identifier, but a different dynamic-key group.
Parent topic:
Troubleshooting VPN