Explanation
An unsuccessful attempt was made to perform remote
port translation. The rsn value provides additional
information about the failure.
timestamp is
the stack timestamp that indicates the time at which the failure was
detected by the stack. This time is retrieved from the system time-of-day
clock, which usually reflects coordinated universal time. This
timestamp might be different than the syslogd message timestamp.
sipaddr
is the public source IP address.
dipaddr
is the destination IP address.
proto is
the protocol from the decapsulated packet. Possible values are:
srcport is the connection source
port.
dstport is the connection destination
port.
ikeport is the source port from
the UDP encapsulation header.
vpnaction
is the name specified on the IpDynVpnAction statement.
tunID is
the tunnel ID.
ESPindex is the ESP security
parameter index.
rsn is the reason code.
Possible values are:
- 1
- The connection source port (srcport) in the
inbound packet was already in use by another client with the same
public source IP address. No alternate port was available.
- 2
- A storage shortage prevented an alternate port from being assigned.
- 3
- An internal error occurred during table lookup.
- 4
- An internal error prevented the port translation entry from being
added.
- 6
- An internal error occurred when port translation was requested
for a protocol that was not valid.
- 7
- An internal error prevented the port translation entry from being
added.
System action
The packet is dropped and TCP/IP processing continues.
Operator response
Contact the system programmer.
System programmer response
The value of
rsn determines
the appropriate system programmer response.
- 1
- The translated port selection is limited to the port range specified
in the filter policy that the packet matches. If a translated port
could not be assigned, then the maximum number of ports specified
in the filter policy are in use. Use the ipsec command
to display the filter and the port translation entries.
See
the information about managing network security in z/OS Communications Server: IP System Administrator's
Commands or issue the man ipsec command
in a z/OS® UNIX shell to obtain information about the ipsec command
syntax and options.
See the information about remote port translation in z/OS Communications Server: IP Configuration
Guide for more information about port translation.
- 2
- Determine the cause of the storage shortage. See z/OS Communications Server: IP Diagnosis Guide for information about storage shortages.
- 3
- If this message appears repeatedly, take a dump of TCP/IP and
contact the IBM® Software Support
Center.
- 4
- If this message appears repeatedly, take a dump of TCP/IP and
contact the IBM Software Support
Center.
- 6
- If this message appears repeatedly, take a dump of TCP/IP and
contact the IBM Software Support
Center.
- 7
- If this message appears repeatedly, take a dump of TCP/IP and
contact the IBM Software Support
Center.
Module
Procedure name
trmd_ipsec_log