Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

The VPN tunnel fails to display on the VPN Concentrator and the "Tunnel rejected: Policy not found for Src:X.X.X.X, Dst: X.X.X.X" error message appears in the event log of the VPN Concentrator

Core issue

The VPN tunnel fails to come up on the VPN Concentrator with this error message in event logs:

%IKE/61: Tunnel rejected: Policy not found for Src:%s, Dst: %s!


The VPN Concentrator is not able to find security policy information for the private networks/hosts indicated in the event. These networks or hosts are sent by the initiator and do not match any entries in the IPsec rules of the VPN Concentrator. This is most likely a misconfiguration.

Refer to Error Message Decoder for more information about this error message.


  • Originate-Only This VPN Concentrator originates the IKE tunnel. An originate-only endpoint is analogous to a telephone that only makes outgoing phone calls; it cannot receive calls.

  • Answer-Only This VPN Concentrator accepts the IKE tunnel. An answer-only connection is analogous to a telephone that only receives incoming calls; it cannot make calls.

  • Bi-directional This VPN Concentrator can either originate or accept the IKE tunnel. It is like a telephone that can both make calls and receive calls.
Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:43 PM
Updated by:
Labels (1)