HASH N(AUTH_FAILED) when trying to establish an IPsec tunnel to WSS


Article ID: 217343


Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

A Firewall/VPN IPsec tunnel to the Web Security Service (WSS) cannot be established, and the firewall IPsec log shows an error.

Cause

The firewall IPsec verbose logs showed the following error:

[ENC] parsed INFORMATIONAL_V1 request 4216246776 [ HASH N(AUTH_FAILED) ]
[IKE] received AUTHENTICATION_FAILED error notify

This error indicates a Phase 1 identifier mismatch.

Resolution

Review the firewall's VPN IPsec phase 1 configuration profile and make sure the local ID is set to the given public egress IP.

The IP should be the same as the one added in the WSS portal under Connectivity > Location > Access Method Firewall VPN.
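
The check described above can be scripted before the phase 1 profile is changed. The following is an added example, not code from the vendor or the article: it looks for the two log lines quoted under Cause and compares a configured local ID with the egress IP registered in the portal. The function names, the candidate local IDs and the address 203.0.113.10 (a documentation-range placeholder) are assumptions.

```python
import ipaddress
import re

# Patterns taken from the two log lines quoted in the article.
AUTH_FAILED = re.compile(r"N\(AUTH_FAILED\)|AUTHENTICATION_FAILED error notify")

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# covers documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def saw_auth_failed(log_lines):
    """True if the peer answered phase 1 with an AUTH_FAILED notify."""
    return any(AUTH_FAILED.search(line) for line in log_lines)


def check_local_id(local_id, portal_ip):
    """Compare the phase 1 local ID with the egress IP registered in the portal."""
    registered = ipaddress.ip_address(portal_ip)
    try:
        configured = ipaddress.ip_address(local_id.strip())
    except ValueError:
        return "mismatch: local ID is not an IP address"
    if configured == registered:
        return "match"
    if any(configured in net for net in RFC1918):
        return "mismatch: local ID is an RFC 1918 private address"
    return "mismatch: local ID is a different IP address"


def diagnose(log_lines, local_id, portal_ip):
    """Only evaluate the local ID when the log shows the AUTH_FAILED notify."""
    if not saw_auth_failed(log_lines):
        return "no AUTH_FAILED notify in log"
    return check_local_id(local_id, portal_ip)


# Log lines as quoted in the article; everything below is constructed sample data.
SAMPLE_LOG = [
    "[ENC] parsed INFORMATIONAL_V1 request 4216246776 [ HASH N(AUTH_FAILED) ]",
    "[IKE] received AUTHENTICATION_FAILED error notify",
]
PORTAL_IP = "203.0.113.10"  # placeholder for the egress IP registered in the portal

if __name__ == "__main__":
    for candidate in ("192.168.1.1", "fw.example.com", "203.0.113.25", PORTAL_IP):
        print(f"{candidate:>15} -> {diagnose(SAMPLE_LOG, candidate, PORTAL_IP)}")
```
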