z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1101I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1101I
NAT detected and no valid IpDataOffers found

Explanation

This message is issued when no valid IpDataOffers are found during a negotiation traversing a NAT. When a NAT is being traversed, all IpDataOffers utilizing the AH protocol are ignored. To negotiate a security association (SA) in a NAT traversal environment, at least one Data Offer that does not contain authentication with AH must be configured.

System action

The SA negotiation fails; IKE daemon processing continues.

Operator response

Contact the system programmer.

System programmer response

Ensure that at least one data offer does not contain authentication with AH.

When configured without the IBM® Configuration Assistant for z/OS® Communications Server, ensure that at least one IpDataOffer has ESP or DoNot configured on the HowToAuth parameter in the configuration policy. See the information about the Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for more information about configuring policy.

When configured with the IBM Configuration Assistant for z/OS Communications Server, ensure that the security level in the GUI contains at least one Data Offer that either does not use Authentication or uses Authentication with the ESP authentication protocol. See the online helps in the GUI for additional information.

Module

policy.cpp

Procedure name

None.

Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014