Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD1924I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD1924I IKE detected a NAT while initiating a new tunnel mode IKEv2
dynamic tunnel with a non-z/OS peer ExplanationThe Internet Key Exchange (IKE) daemon is initiating a tunnel-mode Security Association (SA) for a new IKEv2 dynamic tunnel with a non-z/OS peer. The SA traverses a Network Address Translation (NAT) device. There might be problems with interoperability with the non-z/OS peer for a tunnel-mode SA. z/OS® is providing NAT traversal support for a defined group of configurations where z/OS is running the IKE daemon. See the IP security in z/OS Communications Server: IP Configuration Guide for a description of the supported configurations and interoperability considerations. System actionThe SA negotiation continues. Operator responseIf the SA negotiation fails or if data cannot be successfully sent over the SA, contact the system programmer. System programmer responseDetermine whether there is an interoperability concern that caused the SA negotiation or data flow to fail. See the IP security in z/OS Communications Server: IP Configuration Guide for a description of the supported configurations and interoperability considerations. If this is a host-to-host tunnel, a possible solution is to use a transport-mode IpDynVpnAction object instead of a tunnel-mode IpDynVpnAction object. See the Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for more information about configuring policy. User responseNot applicable. Problem determinationNot applicable. Sourcez/OS Communications Server TCP/IP: IKE daemon ModuleCommonIPsecSA.cpp Routing code2 Descriptor code5 AutomationNot Applicable. Example
|
Copyright IBM Corporation 1990, 2014
|