EZD0962I

Explanation
 The IKE negotiation failed because the mode specified
for the responder in the  policy database is not compatible with the
role specified by the initiator of  the Security Association (SA)
negotiation.
 Additional diagnostic messages that have the same
message instance number will be issued to identify the impacted SA.
The message instance number precedes the message number in the log
output and is used to group related messages from the IKE daemon.
 mode is
the mode that this negotiation requires. mode is
either main or aggressive.

System action
 The SA negotiation failed; IKE daemon processing
continues.

Operator response
 When configured without the IBM® Configuration Assistant for z/OS® Communications Server, check the HowToRespond
parameter in the KeyExchangeAction statement corresponding to this
phase I negotiation.  If the mode reported in mode should
be allowed, change the HowToRespond parameter to allow mode.
 Otherwise, notify the administrator of the remote security endpoint
that your policy does not allow this mode of negotiation.  See the
information about the Policy Agent and policy applications in z/OS Communications Server: IP Configuration
Reference for more  information about configuring policy.
 When
configured with the IBM Configuration
Assistant for z/OS Communications
Server, edit the corresponding Connectivity Rule in the TCP/IP stack
and check the Responder Mode setting on the Advanced IPSec: Dynamic
Tunnels: Key Exchange Settings panel.  If the mode reported in mode should
be allowed, change the Responder Mode setting to allow mode.
 Otherwise, notify the administrator of the remote security endpoint
that your policy does not allow this mode of negotiation. See the
online helps in the GUI for additional information.

System programmer response
 None.

Module
 policy.cpp

Procedure name
  None.