This section lists the three-digit error codes the TUNNEL profile may
generate.
code meaning
==== =======
421 Service not available
(E.g., the proxy does not have sufficient resources.)
450 Requested action not taken
(E.g., DNS lookup failed or connection could not
be established. See too 550.)
500 General syntax error (E.g., poorly-formed XML)
501 Syntax error in parameters
(E.g., non-valid XML, letters in "ip4" attribute, etc.)
504 Parameter not implemented
530 Authentication required
534 Authentication mechanism insufficient
(E.g., too weak, sequence exhausted, etc.)
537 Action not authorized for user
538 Encryption already enabled
(E.g., TLS already negotiated, or a SASL that
provides encryption already negotiated.)
550 Requested action not taken
(E.g., next hop could be contacted, but
malformed greeting or no TUNNEL profile advertised.)
553 Parameter invalid
554 Transaction failed (E.g., policy violation)
Note that the 450 error code is appropriate when the destination
machine could not be contacted, while the 550 error code is
appropriate when the destination machine could be contacted but the
next phase of the protocol could not be negotiated. It is suggested
that the beginning of any reply from the destination machine be
included as part of the CDATA text of the error element, for
debugging purposes.
