Key exchange limitations
Key policy definition is based on the identities of remote
IKE servers. During an IKEv2 authentication exchange, the IKE daemon
must choose a key exchange rule and action before the identity of
the remote IKE server is known. The rule and action chosen at that
point determine policy decisions that are made early in the negotiation.
These decisions cannot be reversed later in the negotiation; however,
where applicable, once the identity of the remote IKE server is known,
these policy decisions are verified.
The z/OS® IKE daemon manages
the policy selection process as described in the following topics: