z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1155I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1155I
t_name transform t_num in proposal p_num does not include an integrity algorithm

Explanation

The Internet Key Exchange (IKE) daemon received a proposal that contains a transform with no encryption algorithm and no integrity algorithm during a dynamic tunnel negotiation. Such a proposal is not permitted and is an auditable event. If no acceptable proposal is received then EZD1022I will also be issued.

In the message text:
t_name
The transform name.
t_num
The transform number. There might be multiple transforms in a proposal.
p_num
The proposal number. There might be multiple proposals in a Security Association (SA) establishment message.

System action

If the IKE daemon does not accept any of the proposals, the negotiation fails; IKE daemon processing continues.

Operator response

Contact the system programmer.

System programmer response

Use the remote IPSec IP information in the SA context information to identify the source of the invalid proposal. Contact the owner of the invalid proposal and request that the configuration be corrected.

User response

Not applicable.

Problem determination

Not applicable.

Source

z/OS® Communications Server TCP/IP: IKE daemon

Module

ipsec_match.cpp

Routing code

Not applicable for syslog message.

Descriptor code

Not applicable for syslog message.

Automation

This message goes to the syslog.

Example

Jun 22 21:24:13 MVS073 IKE: Message instance 3: *** SA Context Information *** 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: Phase 2 SAID : 4          Assoc P1 ID : 1 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: Stackname : TCPCS2   
Jun 22 21:24:13 MVS073 IKE: Message instance 3: Local IPSec Client ID info  : IPV4 Subnet 0.0.0.0/0 Port: Any 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: Remote IPSec Client ID info : Ipv4 1.1.0.1 Port: Any 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: Local IPSec IP info : 1.2.0.1 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: Remote IPSec IP info : 1.1.0.1 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: Protocol : UDP(17) 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: IpFilterRuleName : 0~6 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: AH SPIs in/out : 0 / 0 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: ESP SPIs in/out : 0 / 0 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: EZD1155I ESP_NULL transform 1 in proposal 1 does not 
include an integrity algorithm 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: EZD1155I ESP_NULL transform 1 in proposal 2 does not 
include an integrity algorithm 
Jun 22 21:24:13 MVS073 IKE: Message instance 3: EZD1022I No proposal chosen with IpFilterRule ( 0~6 ) and 
IpDynVpnAction ( IPSec__Gold )
Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014