Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD2027I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD2027I Initiation of UDP encapsulated IKE version major.minor security
association generation for tunnel ID is
not permitted following DVIPA takeover; the remote peer is behind
an NAPT, or is acting as a security gateway ExplanationNegotiation of a UDP encapsulated security association (SA) following a dynamic virtual IP address (DVIPA) takeover was denied. When performing UDP encapsulation, the z/OS® host is limited to acting in responder mode when the remote peer is behind a network address port translation (NAPT) device, or is acting as a security gateway. See Configuration scenarios supported for NAT traversal in z/OS Communications Server: IP Configuration Guide for more information. Additional diagnostic messages that have the same message instance number will be issued to identify the impacted SA. The message instance number precedes the message number in the log output and is used to group related messages from the Internet Key Exchange (IKE) daemon. In the
message text:
System actionThe SA for the DVIPA was not reestablished; IKE daemon processing continues. Operator responseExamine the IKE syslog to determine the remote peer. Attempt to recover the SA by initiating the SA negotiation from the remote security endpoint. See Configuration scenarios supported for NAT traversal in z/OS Communications Server: IP Configuration Guide for more information. System programmer responseNone. User responseNot applicable. Problem determinationNot applicable. Sourcez/OS Communications Server TCP/IP: IPSec ModuleCommonIPsecSA.cpp Routing codeNot applicable for syslog message. Descriptor codeNot applicable for syslog message. AutomationThis message goes to the syslog. Example
|
Copyright IBM Corporation 1990, 2014
|