EZD0826I   Remote port translation failed: timestamp sipaddr= sipaddr dipaddr= dipaddr proto= proto srcport=srcport dstport=dstport ikeport=ikeport vpnaction= vpnaction tunnelID= tunID ESPSPI= ESPindex rsn= rsn

Explanation

An unsuccessful attempt was made to perform remote port translation. The rsn value provides additional information about the failure.

timestamp is the stack timestamp that indicates the time at which the failure was detected by the stack. This time is retrieved from the system time-of-day clock, which usually reflects coordinated universal time. This timestamp might be different than the syslogd message timestamp.

sipaddr is the public source IP address.

dipaddr is the destination IP address.

proto is the protocol from the decapsulated packet. Possible values are:
  • TCP(6)
  • UDP(17)

srcport is the connection source port.

dstport is the connection destination port.

ikeport is the source port from the UDP encapsulation header.

vpnaction is the name specified on the IpDynVpnAction statement.

tunID is the tunnel ID.

ESPindex is the ESP security parameter index.

rsn is the reason code. Possible values are:
1
The connection source port (srcport) in the inbound packet was already in use by another client with the same public source IP address. No alternate port was available.
2
A storage shortage prevented an alternate port from being assigned.
3
An internal error occurred during table lookup.
4
An internal error prevented the port translation entry from being added.
6
An internal error occurred when port translation was requested for a protocol that was not valid.
7
An internal error prevented the port translation entry from being added.

System action

The packet is dropped and TCP/IP processing continues.

Operator response

Contact the system programmer.

System programmer response

The value of rsn determines the appropriate system programmer response.
1
The translated port selection is limited to the port range specified in the filter policy that the packet matches. If a translated port could not be assigned, then the maximum number of ports specified in the filter policy are in use. Use the ipsec command to display the filter and the port translation entries.

See the information about managing network security in z/OS Communications Server: IP System Administrator's Commands or issue the man ipsec command in a z/OS® UNIX shell to obtain information about the ipsec command syntax and options.

See the information about remote port translation in z/OS Communications Server: IP Configuration Guide for more information about port translation.

2
Determine the cause of the storage shortage. See z/OS Communications Server: IP Diagnosis Guide for information about storage shortages.
3
If this message appears repeatedly, take a dump of TCP/IP and contact the IBM® Software Support Center.
4
If this message appears repeatedly, take a dump of TCP/IP and contact the IBM Software Support Center.
6
If this message appears repeatedly, take a dump of TCP/IP and contact the IBM Software Support Center.
7
If this message appears repeatedly, take a dump of TCP/IP and contact the IBM Software Support Center.

Module

EZATRZOS

Procedure name

trmd_ipsec_log