Invalid user ID

Symptom

Invalid user ID.

Analysis

In IPsec, user IDs are used to identify data flows and to set up different IPsec tunnels for different data flows. Currently, the IP address and username are used as the user ID.

The following is the debugging information:

got NOTIFY of type INVALID_ID_INFORMATION

Or

drop message from A.B.C.D due to notification type INVALID_ID_INFORMATION

Solution

Check that the ACLs in the IPsec policies configured on the interfaces at both ends are compatible. Configure the ACLs to mirror each other. For more information about ACL mirroring, see the chapter "IPsec configuration."
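The mirroring check in the solution above can be scripted before either end is changed. The following is an added example, not part of the original documentation: the rule representation (protocol, source, and destination in CIDR form), the function names, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    proto: str
    src: object   # ipaddress network: traffic source
    dst: object   # ipaddress network: traffic destination

def rule(proto, src, dst):
    """Build a permit rule from a protocol name and CIDR strings."""
    return Rule(proto.lower(), ipaddress.ip_network(src), ipaddress.ip_network(dst))

def mirror(r):
    """The rule the peer must carry: same protocol, source and destination swapped."""
    return Rule(r.proto, r.dst, r.src)

def unmirrored(local, remote):
    """Return (local rules with no exact mirror on the peer, peer rules with none locally)."""
    local_set, remote_set = set(local), set(remote)
    return ([r for r in local if mirror(r) not in remote_set],
            [r for r in remote if mirror(r) not in local_set])

def near_misses(r, remote):
    """Peer rules that overlap the mirror of r without matching it exactly."""
    want = mirror(r)
    return [p for p in remote
            if p != want and p.proto == want.proto
            and p.src.overlaps(want.src) and p.dst.overlaps(want.dst)]

def report(local, remote):
    """Human-readable findings; an empty list means the two ACLs mirror each other."""
    lines = []
    missing_remote, missing_local = unmirrored(local, remote)
    for r in missing_remote:
        lines.append(f"local  {r.proto} {r.src} -> {r.dst}: no mirror on peer")
        for p in near_misses(r, remote):
            lines.append(f"  peer has overlapping {p.proto} {p.src} -> {p.dst}")
    for r in missing_local:
        lines.append(f"peer   {r.proto} {r.src} -> {r.dst}: no mirror locally")
    return lines

# Constructed sample: the peer's destination is a /16 instead of the mirrored /24.
SITE_A = [rule("ip", "10.1.1.0/24", "10.1.2.0/24")]
SITE_B = [rule("ip", "10.1.2.0/24", "10.1.0.0/16")]

if __name__ == "__main__":
    print("\n".join(report(SITE_A, SITE_B)) or "ACLs mirror each other")
```

Feed it the permit rules from the ACL referenced by the IPsec policy on each interface. Overlapping but unequal rules are reported separately because they are easy to miss when comparing the two configurations by eye.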