Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD1116I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD1116I IKE detected an NAPT in front of the remote security endpoint
while initiating a new phase phase tunnel ExplanationThe Internet Key Exchange (IKE) daemon attempted to initiate a new Security Association (SA) with a remote security endpoint that is behind a NAT performing port translation (NAPT). The z/OS® IKE daemon cannot initiate such a Security Association but can respond to negotiations with a remote security endpoint behind an NAPT. A new SA of this configuration type is not supported because there might be problems with future negotiations and traffic flow. See the information about NAT traversal considerations in z/OS Communications Server: IP Diagnosis Guide for more information. z/OS is providing NAT traversal support for a defined group of configurations where z/OS is running IKE. A description of the supported configurations is provided in configuration scenarios supported for NAT traversal in z/OS Communications Server: IP Configuration Guide. Additional diagnostic messages that have the same message instance number will be issued to identify the impacted SA. The message instance number precedes the message number in the log output and is used to group related messages from the IKE daemon. In the message text:
System actionThe negotiation fails and all associated SAs are removed; IKE daemon processing continues. Operator responseThe z/OS IKE daemon can respond only to negotiations with a remote security endpoint behind an NAPT. Contact the administrator of the remote security endpoint to initiate the negotiation for this SA. System programmer responseNone. User responseNot applicable. Problem determinationNot applicable. Sourcez/OS Communication Server TCP/IP other application Modulephase1.cpp ExampleNone. |
Copyright IBM Corporation 1990, 2014
|