z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1090I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1090I
Initiation of a phase 2 Security Association negotiation for a new dynamic tunnel failed because the remote security endpoint is a security gateway

Explanation

When traversing a NAT, a local initiation of a phase 2 Security Association (SA) for a new dynamic tunnel with a remote security endpoint that is a security gateway is not supported. To use this configuration, the remote security endpoint must be the initiator. z/OS® is providing NAT traversal support for a defined group of configurations where z/OS is running the IKE daemon. See the information about IP security in z/OS Communications Server: IP Configuration Guide for a description of the supported configurations.

System action

The phase 2 SA negotiation fails; IKE daemon processing continues.

Operator response

Contact the system programmer.

System programmer response

Notify the administrator of the remote security endpoint that it must be the initiator when using this configuration.

Module

sa.cpp

Procedure name

None.

Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014