z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1104I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1104I
IKE detected a NAT while initiating a new dynamic tunnel using only tunnel mode IpDataOffers with a non-z/OS peer

Explanation

The Internet Key Exchange (IKE) daemon is initiating a tunnel-mode Security Association (SA) for a new dynamic tunnel with a non-z/OS peer. The SA traverses a NAT. There might be problems with interoperability with the non-z/OS peer for a tunnel-mode SA. z/OS® is providing NAT Traversal support for a defined group of configurations where z/OS is running the IKE daemon. See the information about IP security in z/OS Communications Server: IP Configuration Guide for a description of the supported configurations and interoperability considerations.

System action

The SA negotiation continues.

Operator response

If the SA negotiation fails or if data cannot be successfully sent over the SA, contact the system programmer.

System programmer response

Determine whether there is an interoperability concern that caused the SA negotiation or data to fail. See the information about IP security in z/OS Communications Server: IP Configuration Guide for a description of the supported configurations and interoperability considerations.

A possible solution is to use transport-mode IpDataOffers. See the information about the Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for more information about configuring policy.

Module

oakley_phaseII.cpp

Procedure name

None.

Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014