z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD0989I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD0989I
Transform transform_id : Diffie-Hellman group ( DH_group ) is not supported

Explanation

The Internet Key Exchange (IKE) daemon detected a Diffie-Hellman (DH) group that is not supported. Only groups 1, 2, 5, and 14 are supported.

Additional diagnostic messages that have the same message instance number will be issued to identify the impacted Security Association (SA). The message instance number precedes the message number in the log output and is used to group related messages from the IKE daemon.

transform_id is the value used to identify this transform in an IKE proposal. Supported transforms for IKE SAs are described in Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference. Phase 1 transforms are specified on a KeyExchangeOffer statement, and phase 2 transforms are specified on an IpDataOffer statement.

DH_group is the ID of the unsupported DH group. DH groups are specified on the DHGroup parameter on a KeyExchangeOffer Statement.

System action

The SA negotiation failed; IKE daemon processing continues.

Operator response

Contact the system programmer.

System programmer response

Notify the administrator of the remote security endpoint about the error and ensure that their DH group identifiers are specified correctly.

Module

gen.cpp

Procedure name

None.

Parent topic: EZD0xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014