EZD0946I   Protocol mismatch : IpDataOffer ( offer_num ) requires ( reqd_proto ) but proposal ( prop_num ) includes ( prop_proto )

Explanation

An IKE phase 2 negotiation encountered a protocol mismatch.

Additional diagnostic messages that have the same message instance number will be issued to identify the impacted Security Association (SA). The message instance number precedes the message number in the log output and is used to group related messages from the IKE daemon.

offer_num is the number of an IpDataOffer referenced from an IpDynVpnAction. The number corresponds to the order of the references in the IpDynVpnAction. Therefore, the first IpDynVpnOffer referenced from the IpDynVpnAction would have number 1 in this message.

reqd_proto is the description of the protocols configured in the IpDataOffer indicated by the offer_num value. Possible values include AH, ESP, or AH+ESP. AH+ESP indicates that the combination of AH and ESP are required.

prop_num is the proposal number from the remote security endpoint.

prop_proto is the description of the protocols proposed in the proposal indicated by prop_num. Possible values include AH, ESP, or AH+ESP. AH+ESP indicates that the combination of AH and ESP was proposed.

System action

The IKE negotiation might succeed if a different proposal is found and accepted. If an acceptable proposal is not found, the IKE negotiation fails. If the negotiation fails, message EZD1022I will be issued, which will identify the IpDynVpnAction that referenced the IpDataOffer indicated by the offer_num value. IKE daemon processing continues.

Operator response

If the proposal that contains the mismatch is the one that should be accepted, take one of the following actions:
  • Alter the local policy to accept the protocols in this proposal.
  • Contact the system programmer.

System programmer response

If the proposal that contains the mismatch is the one that should be accepted, notify the administrator of the remote security endpoint that you received a protocol mismatch and ask the administrator to ensure that they alter the remote configuration to propose the correct protocols.

Module

policy.cpp

Procedure name

None.