diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index dacbac85a..1b4d85673 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -80,10 +80,12 @@ typedef struct bus_t bus_t;
 * Kind of alerts to raise.
 */
 enum alert_t {
- /* a RADIUS server did not respond, no additional arguments */
+ /** a RADIUS server did not respond, no additional arguments */
 ALERT_RADIUS_NOT_RESPONDING,
- /* a shutdown signal has been received, argument is a int with the signal */
+ /** a shutdown signal has been received, argument is the signal (int) */
 ALERT_SHUTDOWN_SIGNAL,
+ /** responder authentication failed, no arguments */
+ ALERT_RESPONDER_AUTH_FAILED,
 };
 /**
diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c
index 0756c7d60..f52f17aa5 100644
--- a/src/libcharon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
@@ -908,7 +908,7 @@ METHOD(task_t, process_i, status_t,
 if (!id_payload)
 {
 DBG1(DBG_IKE, "IDr payload missing");
- return FAILED;
+ goto remote_auth_failed;
 }
 id = id_payload->get_identification(id_payload);
 get_reserved_id_bytes(this, id_payload);
@@ -926,7 +926,7 @@ METHOD(task_t, process_i, status_t,
 this->reserved);
 if (!this->other_auth)
 {
- return FAILED;
+ goto remote_auth_failed;
 }
 }
 else
@@ -944,7 +944,7 @@ METHOD(task_t, process_i, status_t,
 case NEED_MORE:
 return NEED_MORE;
 default:
- return FAILED;
+ goto remote_auth_failed;
 }
 this->other_auth->destroy(this->other_auth);
 this->other_auth = NULL;
@@ -953,7 +953,7 @@ METHOD(task_t, process_i, status_t,
 if (!charon->bus->authorize(charon->bus, FALSE))
 {
 DBG1(DBG_IKE, "authorization forbids IKE_SA, cancelling");
- return FAILED;
+ goto remote_auth_failed;
 }
 /* store authentication information, reset authenticator */
@@ -978,7 +978,7 @@ METHOD(task_t, process_i, status_t,
 case NEED_MORE:
 break;
 default:
- return FAILED;
+ goto remote_auth_failed;
 }
 }
 if (mutual_eap)
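Review bot: The comment on `ALERT_RESPONDER_AUTH_FAILED` in the bus.h hunk does not say which side raises the alert or in which exchange, which a listener author needs in order to act on it. The only raiser visible in this commit is `process_i` in ike_auth.c, which by its name appears to be the initiator-side handler. I would word it as `/** initiator could not authenticate or authorize the responder during IKE_AUTH, no arguments */`.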
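Review bot: The `default:` branch in the `-978,7` hunk of ike_auth.c may report the wrong side. Its switch uses `case NEED_MORE: break;` and comes after the "store authentication information, reset authenticator" comment, unlike the `this->other_auth` switch in the `-944,7` hunk, so it looks like it handles a different authenticator; the switch head is outside the hunk, so this needs checking against the full function. If it dispatches on `this->my_auth`, a failure of the local authentication round would be published as `ALERT_RESPONDER_AUTH_FAILED` and would mislead anyone triaging failed-authentication alerts. Keeping `return FAILED;` on that one branch, or raising a separate alert there, would avoid that.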
@@ -986,7 +986,7 @@ METHOD(task_t, process_i, status_t,
 if (!this->my_auth || !this->my_auth->is_mutual(this->my_auth))
 {
 DBG1(DBG_IKE, "do not allow non-mutual EAP-only authentication");
- return FAILED;
+ goto remote_auth_failed;
 }
 DBG1(DBG_IKE, "allow mutual EAP-only authentication");
 }
@@ -999,12 +999,13 @@ METHOD(task_t, process_i, status_t,
 {
 if (!update_cfg_candidates(this, TRUE))
 {
- return FAILED;
+ goto remote_auth_failed;
 }
 if (!charon->bus->authorize(charon->bus, TRUE))
 {
- DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling");
- return FAILED;
+ DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, "
+ "cancelling");
+ goto remote_auth_failed;
 }
 DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
 this->ike_sa->get_name(this->ike_sa),
@@ -1018,6 +1019,10 @@ METHOD(task_t, process_i, status_t,
 return SUCCESS;
 }
 return NEED_MORE;
+
+remote_auth_failed:
+ charon->bus->alert(charon->bus, ALERT_RESPONDER_AUTH_FAILED);
+ return FAILED;
 }
 METHOD(task_t, get_type, task_type_t,
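Review bot: The `remote_auth_failed:` exit in the last hunk raises one argument-less alert for causes of a different nature: a missing IDr payload (`-908,7`), a failed authenticator (`-926,7`, `-944,7`), a rejecting authorize hook (`-953,7`, `-999,12`) and a failed `update_cfg_candidates()` call. Several of those gotos have no `DBG1` in front of them in the visible lines, so unless the callees log on their own, the alert is the only trace of why the IKE_SA was refused. A comment above the label such as `/* common exit: responder could not be authenticated or authorized, notify listeners */` would document the grouping, and a reason argument on the alert would let monitoring separate protocol errors from policy rejections. `process_i` begins outside these hunks, so earlier `return FAILED;` paths, if any, are not covered by this review.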