z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1782I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1782I
Received a delete payload with SPI spi_value for protocol protocol that does not belong to this IKE_SA

Explanation

The Internet Key Exchange (IKE) daemon received a message from an IKEv2 peer that contained a security parameter index value that represents a child Security Association (SA) that is to be deleted. However, the message was protected by an IKE SA other than the IKE SA to which the child SA belongs. The IKEv2 peer is in error; RFC 5996 Internet Key Exchange (IKEv2) Protocol section 1.4 requires that notification messages for child SAs are to be protected only by the IKE SA that generated the child SA. See Related protocol specifications for information about accessing RFCs.

In the message text:
spi_value
The hexadecimal SPI value that was received.
protocol
The protocol value. Possible protocol values are AH or ESP.

System action

The tunnel to be deleted is ignored; IKE daemon processing continues.

Operator response

Contact the system programmer.

System programmer response

Examine the logging information that is available at the remote IKE security endpoint to determine whether the child SA was incorrectly deleted.

User response

Not applicable.

Problem determination

Not applicable.

Source

z/OS® Communications Server TCP/IP: IKE daemon

Module

IKEv2IKESA.cpp

Routing code

11

Descriptor code

7

Automation

This message is output to the syslog.

Example

EZD1782I Received a delete payload with SPI 44BA7983 for protocol ESP that does  not belong to this IKE_SA
Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014