z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1785I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1785I
Tentative KeyExchangeRule rule1 replaced with final KeyExchangeRule rule2

Explanation

When an IKE negotiation is started, the KeyExchangePolicy statement is searched to locate a matching KeyExchangeRule statement for the negotiation. When this KeyExchangeRule statement is located, the local and remote security endpoint identities are not known with certainty, so this KeyExchangeRule statement is considered tentative until the local and remote identities are known. Then a new search for a KeyExchangeRule statement is performed to locate the final rule.

The policy on the final KeyExchangeRule statement must be consistent with the policy chosen for the Security Association. For IKEv1, see the information about ISAKMP main mode limitations in z/OS Communications Server: IP Diagnosis Guide for more information about IKEv1. For IKEv2, see the information about key exchange limitations in z/OS Communications Server: IP Diagnosis Guide for more information about IKEv2.

In the message text:
rule
The name of the tentative KeyExchangeRule statement.
rule2
The name of the final KeyExchangeRule statement.

System action

IKE daemon processing continues.

Operator response

None.

System programmer response

None.

User response

Not applicable.

Problem determination

None.

Source

z/OS® Communications Server TCP/IP: IKE daemon

Module

CommonDomainOfInterpretation.cpp

Routing code

11

Descriptor code

7

Automation

This message is output to the syslog.

Example

EZD1785I Tentative KeyExchangeRule ker_dvipa replaced with final  KeyExchangeRule ker_dvipa9
Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014