EZD0823I   UDP Encapsulated ESP packet can not be routed: timestamp sipaddr= sipaddr dipaddr= dipaddr proto= proto vpnaction= vpnaction tunnelID= tunID ESPSPI= ESPindex

Explanation

The final destination address of a UDP-encapsulated ESP packet is not local. Routing beyond the tunnel endpoint is not supported for this type of encapsulation.

timestamp is the stack timestamp that indicates the time at which the failure was detected by the stack. This time is retrieved from the system time-of-day clock, which usually reflects coordinated universal time. This timestamp might be different than the syslogd message timestamp.

sipaddr is the public source IP address.

dipaddr is the destination IP address.

proto is the protocol from the decapsulated packet. Possible values are:
  • ICMP(1)
  • IGMP(2)
  • IP(4)
  • TCP(6)
  • UDP(17)
  • OSPF(89)
  • IPIP(94)
  • The protocol number

vpnaction is the name specified on the IpDynVpnAction statement.

tunID is the tunnel ID.

ESPindex is the ESP security parameter index.

System action

The packet is dropped and TCP/IP processing continues.

Operator response

Contact the system programmer.

System programmer response

Ensure that the tunnel is defined correctly on the sending and receiving systems. See the information about IP Security in z/OS Communications Server: IP Configuration Guide for information about defining IPSec tunnels. Use the ipsec command to display filter and tunnel information. See the information about managing network security in z/OS Communications Server: IP System Administrator's Commands or issue the man ipsec command in a z/OS® UNIX shell to obtain information about the ipsec command syntax and options.

Module

EZATRZOS

Procedure name

trmd_ipsec_log