Knowledge

ERROR_IPSEC_IKE_MM_EXPIRED - 13885 (0x363D)

Main mode SA lifetime expired or peer sent a main mode delete.

Updated: Feb 21, 2026

Technical Meaning

The error code ERROR_IPSEC_IKE_MM_EXPIRED indicates that the main mode Security Association (SA) lifetime has expired or a peer initiated a main mode delete. This error is specific to the Internet Key Exchange (IKE) protocol used in IPsec for establishing and maintaining secure communication channels.

Error Details

In the context of IPsec, an SA is established between two peers to ensure secure data transmission. The main mode is one of the initial phases where the IKE negotiation takes place. If the negotiated lifetime of this SA expires or if a peer explicitly requests its deletion by sending a main mode delete message, this error code will be returned.

Usage Context

This error typically occurs in scenarios involving IPsec policy enforcement and key exchange mechanisms. It can be encountered during the initial setup of an IPsec tunnel or when the established SA needs to be refreshed due to expiration.

Developer Interpretation

Developers should interpret this error as a signal that either the negotiated lifetime for the main mode SA has ended, or there was an explicit request from the peer to terminate the current SA. This may require re-establishing the SA by initiating a new IKE negotiation or handling the deletion of the existing SA.

Related Errors

  • ERROR_IPSEC_IKE_SA_EXPIRED (13892, 0x364C): Indicates that an IPsec Security Association has expired due to inactivity or other reasons.
  • ERROR_IPSEC_IKE_PEER_ASKED_FOR_DELETION (13887, 0x3643): Suggests that the peer initiated a request for SA deletion.

FAQ

Q: What does this error mean?

A: The main mode Security Association has expired or a peer requested its deletion.

Q: How can I handle this error in my application?

A: You should implement logic to re-establish the IPsec connection by initiating a new IKE negotiation if necessary, and handle any cleanup required for the existing SA.

Summary

ERROR_IPSEC_IKE_MM_EXPIRED is a specific error code indicating that either the main mode Security Association has expired or a peer requested its deletion. Developers should be prepared to manage this scenario by re-establishing the connection as needed.