APAR status
Closed as program error.
Error description
**************************************************************** * USERS AFFECTED: * Systems running the 7200-04 Technology Level with * any of the following filesets at or between the given levels: * MIN MAX FILESET * 7.2.4.0 7.2.4.4 bos.net.ipsec.keymgt **************************************************************** * PROBLEM DESCRIPTION: * When using IKE_AuthenticationMethod="RSA_signatures * (certificates) * an XML that previously was working fails to load with * following error message: * # ikedb -p foo.xml * A LSP function detected a bad parameter * .... * <IKETunnel * IKE_TunnelName="T1" * IKE_ProtectionRef="T1_TRANSFORM" * IKE_Flags_AutoStart="Yes" * IKE_Flags_MakeRuleWithOptionalIP="No"> * <IKELocalIdentity> * <ASN1_DN * Value="/C=IN/ST=KA/L=BA/O=IBM/OU=ISL/CN=test1"> * </ASN1_DN> * </IKELocalIdentity> * <IKERemoteIdentity> * <ASN1_DN * Value="/C=IN/ST=KA/L=BA/O=IBM/OU=ISL/CN=test2"> * </ASN1_DN> * </IKERemoteIdentity> * </IKETunnel> **************************************************************** * RECOMMENDATION: * Install APAR IJ38765. ****************************************************************
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * Systems running the 7200-04 Technology Level with * any of the following filesets at or between the given levels: * MIN MAX FILESET * 7.2.4.0 7.2.4.4 bos.net.ipsec.keymgt **************************************************************** * PROBLEM DESCRIPTION: * When using IKE_AuthenticationMethod="RSA_signatures * (certificates) * an XML that previously was working fails to load with * following error message: * # ikedb -p foo.xml * A LSP function detected a bad parameter * .... * <IKETunnel * IKE_TunnelName="T1" * IKE_ProtectionRef="T1_TRANSFORM" * IKE_Flags_AutoStart="Yes" * IKE_Flags_MakeRuleWithOptionalIP="No"> * <IKELocalIdentity> * <ASN1_DN * Value="/C=IN/ST=KA/L=BA/O=IBM/OU=ISL/CN=test1"> * </ASN1_DN> * </IKELocalIdentity> * <IKERemoteIdentity> * <ASN1_DN * Value="/C=IN/ST=KA/L=BA/O=IBM/OU=ISL/CN=test2"> * </ASN1_DN> * </IKERemoteIdentity> * </IKETunnel> **************************************************************** * RECOMMENDATION: * Install APAR IJ38765. ****************************************************************
Problem conclusion
ikedb code has been changed to handle the xml file which does not have local/remote ipaddress in IKELocalIdentity/IKERemoteIdentity and also IKE_Flags_MakeRuleWithOptionalIP is set to "No".
Temporary fix
Comments
APAR Information
APAR number
IJ38765
Reported component name
AIX V7.2
Reported component ID
5765CD200
Reported release
720
Status
CLOSED PER
PE
YesPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-03-15
Closed date
2022-03-15
Last modified date
2022-09-12
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX V7.2
Fixed component ID
5765CD200
Applicable component levels
R720 PSY U890171
UP22/09/02 I 1000
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SG11S"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"720","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
Document Information
Modified date:
12 September 2022