z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1789I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1789I
The remote security endpoint requested_ep is not included within the address rule_ep taken from rule_name

Explanation

During the negotiation of a tunnel-mode Security Association (SA) the IKE daemon determined that the requested IP addresses are not included in the security endpoint that the IKE daemon chose from the policy rule or destination address.

In the message text:
requested_ep
The IP address or IP address range endpoint that the endpoint requested for the tunnel-mode SA. The requested_ep value is the value configured for the InitiateToLocation parameter on the IpLocalStartAction statement for the applicable filter rule, or if the InitiateToLocation parameter was not configured, the value is the destination data address for the tunnel activation.
rule_ep
The remote security endpoint IP address or IP address range that is configured on the IpLocalStartAction statement for the applicable filter rule.
rule_name
The name of the IpFilterRule statement that is used for the tunnel activation. The IpFilterRule statement refers to an IpLocalStartAction statement that specifies a RemoteSecurityEndpoint parameter with the indicated rule_ep value.

System action

The SA negotiation fails; IKE daemon processing continues.

Operator response

Contact the systems programmer. Problem Determination: Not applicable.

System programmer response

Alter the local policy configuration to specify the following:
  • An InitiateToLocation value on the applicable IpLocalStartAction statement; the InitiateToLocation value must be within the range of the RemoteSecurityEndpoint location value.
  • A RemoteSecurityEndpoint parameter on the applicable IpLocalStartAction statement; the RemoteSecurityEndpoint parameter must encompass the actual remote security endpoint address.

See the information about Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for more information about configuring policy.

User response

Not applicable.

Problem determination

Not applicable.

Source

z/OS® Communications Server TCP/IP: IKE daemon

Module

policymgr.cpp

Routing code

11

Descriptor code

7

Automation

This message is output to the syslog.

Example

EZD1789I The remote security endpoint 10.11.4.5 is not included within the  address 10.8.5.5/24  taken 
         from S4-S5_TIKE1311-5A
Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014