z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)


EZD1784I

SC27-3655-01

Received optional IDr payload but could not find applicable KeyExchangeRule - LocalIp : LSIP RemoteIp : RSIP LocalID : LSID RemoteID : RSID

Explanation

The remote IKEv2 peer provided an optional Identification - Responder (IDr) payload in its IKE_SA_INIT request to the local Internet Key Exchange (IKE) daemon. This IDr payload contained an identity that did not match the local key exchange policy, so the local identity (LocalID) that is specified by the optional IDr payload is ignored.

Additional messages that have the same message instance number are issued to identify the affected SA. The message instance number precedes the message number in the log output and is used to group related messages from the IKE daemon.

In the message text:
LSIP
The local security endpoint IP address.
RSIP
The remote security endpoint IP address.
LSID
The local security endpoint identity as provided by the remote IKEv2 peer. The LSID is an ID type followed by optional data.
RSID
The remote security endpoint identity as provided by the remote IKEv2 peer. The RSID is an ID type followed by optional data.

The ID type is one of the values defined in RFC 5996, Internet Key Exchange (IKEv2) Protocol, section 1.4; for example, ID_IPV4_ADDR, ID_FQDN, or ID_IPV6_ADDR.

See Related protocol specifications for information about accessing RFCs.

System action

IKE daemon processing continues; the local identity (LocalID) that is specified by the optional IDr payload is ignored.

Operator response

Add a suitable KeyExchangeRule statement for the classification to the IPSec policy, if necessary. See the information about Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for more information about configuring policy.

System programmer response

None.

User response

Not applicable.

Problem determination

None.

Source

z/OS® Communications Server TCP/IP: IKE daemon

Module

policymgr.cpp

Routing code

11

Descriptor code

7

Automation

This message is output to syslog.

Example

EZD1784I Received optional IDr payload but could not find applicable  KeyExchangeRule - 
         LocalIp : 9.1.1.1 RemoteIp : 9.2.2.2 LocalID : ID_FQDN  example.ibm.com  
         RemoteID : ID_IPV4_ADDR 9.2.2.2
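
The following is an added example, not IBM code: a Python sketch that extracts the LSIP, RSIP, LSID and RSID fields from EZD1784I records in syslog text and counts which requested local identities had no applicable KeyExchangeRule. It assumes wrapped continuation lines begin with whitespace, as in the example above; the function names, the sample log and its "constructed-prefix" token are constructed for illustration.

```python
import re
from collections import Counter

# Field order follows the EZD1784I message text documented on this page.
PATTERN = re.compile(
    r"EZD1784I Received optional IDr payload but could not find applicable "
    r"KeyExchangeRule - LocalIp : (?P<local_ip>\S+) RemoteIp : (?P<remote_ip>\S+) "
    r"LocalID : (?P<local_id>.*?) RemoteID : (?P<remote_id>.*)$"
)

def split_id(value):
    # An identity is an ID type followed by optional data (data may be empty).
    id_type, _, data = value.strip().partition(" ")
    return id_type, data.strip()

def parse_ezd1784i(log_text):
    # Assumption: a line that starts with whitespace continues the previous
    # record, matching the wrapped layout of the example on this page.
    records = []
    for line in log_text.splitlines():
        if line[:1].isspace() and records:
            records[-1] += " " + line
        else:
            records.append(line)
    parsed = []
    for rec in records:
        m = PATTERN.search(" ".join(rec.split()))  # collapse runs of whitespace
        if m:
            lid_type, lid = split_id(m["local_id"])
            rid_type, rid = split_id(m["remote_id"])
            parsed.append({"local_ip": m["local_ip"], "remote_ip": m["remote_ip"],
                           "local_id_type": lid_type, "local_id": lid,
                           "remote_id_type": rid_type, "remote_id": rid})
    return parsed

def unmatched_idr_counts(parsed):
    # Count (remote peer, requested local identity) pairs that lacked a rule.
    return Counter((r["remote_ip"], r["local_id_type"], r["local_id"]) for r in parsed)

# Constructed sample: the page's example, an unrelated line, and a one-line record.
SAMPLE_LOG = (
    "EZD1784I Received optional IDr payload but could not find applicable  KeyExchangeRule - \n"
    "         LocalIp : 9.1.1.1 RemoteIp : 9.2.2.2 LocalID : ID_FQDN  example.ibm.com  \n"
    "         RemoteID : ID_IPV4_ADDR 9.2.2.2\n"
    "unrelated line\n"
    "constructed-prefix EZD1784I Received optional IDr payload but could not find "
    "applicable KeyExchangeRule - LocalIp : 9.1.1.1 RemoteIp : 9.2.2.2 "
    "LocalID : ID_FQDN example.ibm.com RemoteID : ID_IPV4_ADDR 9.2.2.2\n"
)
```

Each key in the resulting counter is a candidate for review against the KeyExchangeRule statements in the IPSec policy.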





Copyright IBM Corporation 1990, 2014