The final destination address of a UDP-encapsulated ESP packet is not local. Routing beyond the tunnel endpoint is not supported for this type of encapsulation.
timestamp is the stack timestamp that indicates the time at which the failure was detected by the stack. This time is retrieved from the system time-of-day clock, which usually reflects coordinated universal time. This timestamp might be different than the syslogd message timestamp.
sipaddr is the public source IP address.
dipaddr is the destination IP address.
vpnaction is the name specified on the IpDynVpnAction statement.
tunID is the tunnel ID.
ESPindex is the ESP security parameter index.
The packet is dropped and TCP/IP processing continues.
Contact the system programmer.
Ensure that the tunnel is defined correctly on the sending and receiving systems. See the information about IP Security in z/OS Communications Server: IP Configuration Guide for information about defining IPSec tunnels. Use the ipsec command to display filter and tunnel information. See the information about managing network security in z/OS Communications Server: IP System Administrator's Commands or issue the man ipsec command in a z/OS® UNIX shell to obtain information about the ipsec command syntax and options.
EZATRZOS
trmd_ipsec_log