Knowledge

ERROR_IPSEC_IKE_RATELIMIT_DROP - 13903 (0x364F)

Incoming SA request was dropped due to peer IP address rate limiting.

Updated: Feb 21, 2026

Technical Meaning

The ERROR_IPSEC_IKE_RATELIMIT_DROP error code indicates that an incoming Security Association (SA) request was rejected due to rate limiting based on the peer's IP address. This mechanism is designed to prevent abuse or denial-of-service attacks by limiting the number of SA requests from a particular source within a given time frame.

Error Details

The ERROR_IPSEC_IKE_RATELIMIT_DROP error code (13903, 0x364F) is specific to the IP Security (IPSec) protocol and its implementation in Windows. It is encountered when an IPSec policy enforces rate limiting on SA requests from a particular peer IP address.

Usage Context

This error typically occurs during the establishment or renegotiation of IPsec SAs, which are used for secure communication over IP networks. The rate limiting mechanism helps to ensure that the network remains stable and secure by preventing excessive SA request traffic from a single source.

Developer Interpretation

When this error is returned, it indicates that an attempt to establish or modify an IPsec SA was denied due to exceeding the configured rate limit for the peer's IP address. Developers should handle this error by retrying the operation after a suitable delay or by adjusting the rate limiting parameters if necessary.

Related Errors

  • ERROR_IPSEC_IKE_NEGOTIATION_FAILED (13902, 0x364E): Indicates that an IPsec negotiation failed for reasons other than rate limiting.
  • ERROR_IPSEC_IKE_NO_CERT (13897, 0x3635): Indicates a lack of necessary certificates during the IPsec negotiation process.

FAQ

Q: What does the ERROR_IPSEC_IKE_RATELIMIT_DROP error mean?

A: It indicates that an IPsec SA request was dropped due to exceeding the rate limit for the peer's IP address.

Q: How can I handle this error in my application?

A: You should retry the operation after a suitable delay or adjust the rate limiting parameters if necessary.

Summary

The ERROR_IPSEC_IKE_RATELIMIT_DROP error code is specific to IPsec and indicates that an SA request was denied due to rate limiting. Developers should handle this error by managing retries and adjusting rate limiting settings as needed.