Secure Mobile Access 12.4 Administration Guide

Auditing Connection Status Messages

The network proxy/tunnel audit log includes a connection status code that is often useful in debugging client/server connection problems. The status code is the field immediately following the destination-ip:port field in the log file (see Network Tunnel Audit Log for a description of an entire log file entry). the Connection status codes table describes each code.

Connection status codes
Connection status codeDescription
0Successful connection attempt with no errors encountered
1Client presented an invalid TEAM credential
2Couldn't send TEAM request to client, error in tunnel auth exchange, or error in PS auth exchange
3Tunnel protocol at client is below minimum supported by appliance
4TP error, or unsupported feature requested
5Session sat idle longer than allowed by configuration or defaults
6Tunnel pools have no addresses available
9No tunnel internal address (bad cfg); realm_list (shouldn't happen) problem; client rejected resource list
10Client version mismatch
11All available tunnel pool addresses conflict with the client's networking environment in fatal ways
12Special error to client indicating it should attempt a resume immediately
65535Permission denied
65524Out of memory
65520System busy, session dropped
65514Internal inconsistency, unexpected condition encountered
65504Tunnel service aborted
65432Connection reset by peer
65429Not connected (internal error)
65428Tunnel service shutdown
65426Timeout (not necessarily an error, esp. for UDP flows)
65279No authentication method
65278Authentication failed (for example, the user entered an invalid username/password)
65277Authentication I/O fail
65276Authentication quiet fail
65275Lost client connection
65274Cannot load module
65273Not authorized (for example, access denied due to policy)
65272Encrypt failure
65271Unknown failure

Examples

If a user enters an invalid username/password, error number 65535 appears in the log:

192.168.2.69:3127 ssl "testing" "26/Feb/2017:21:31:51.947 +0000" none -:- 65535 385 0 14 352711-01-521146-5

If a timeout occurred, the message contains error number 65426:

192.168.2.69:3127 ssl "testing" "26/Feb/2017:21:31:51.947 +0000" none -:- 65426 385 0 1 352711-01-521146-5

All tunnel traffic originating from the client and destined for the Internet (running in redirect-all mode) is routed through an IP address you specify on the Configure Network Tunnel Service page in AMC (Enable route to Internet). If this route to the Internet is not available, you’ll see a connection status code of 65504:

151.219.76.85:4827 - "(l248411)@(Radius)" "26/Jun/2016:17:54:14.916 +0000" 1.1 Flow:TCP 165.170.0.1:1503 65504 0 0 60 352711-01-521146-5

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.