IBM Support

SE74211 - OSP-UNPRED TRAFFIC SELECTOR END PORT VALUE IS SET INCORRECTLY
WHEN A SINGLE PORT IS SPECIFIED FOR AN IKEV2 CONNECTION


 APAR (Authorized Program Analysis Report)

Abstract

OSP-UNPRED TRAFFIC SELECTOR END PORT VALUE IS SET INCORRECTLY
WHEN A SINGLE PORT IS SPECIFIED FOR AN IKEV2 CONNECTION

Error Description

When a single port is specified for a VPN phase 2 id, it is
stored only in the start port range field. The VPN code sees
the zero end port range value, interprets it as 65535, and sets
the traffic selector to an incorrect port range. Changes will
be made to the VPN code to ensure that the end port range
matches the value of the start port range when a single port
is specified for phase 2.

Problem Summary

When a single port is specified for an IKEv2 connection, VPN
sets the traffic selector payload end port value incorrectly,
which can cause interoperability issues with other VPN
implementations.

Problem Conclusion

The traffic selector end port value is set correctly when a    
single port is specified for an IKEv2 connection. If a single  
port is configured for an IKEv2 connection between two IBM i    
systems, both systems must have this fix applied to successfully
establish a VPN connection.                                    
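
The following is an added example, not IBM's code: it packs an IPv4 traffic selector in the RFC 7296 section 3.13.1 layout using the end port rule described under Error Description and the corrected rule, and flags the widened range when decoding. The function names, the sample configuration (UDP port 1701 on 192.0.2.10) and the treatment of start 0 with end 0 as "any port" are assumptions made for illustration.

```python
import ipaddress
import struct

TS_IPV4_ADDR_RANGE = 7          # TS Type value from RFC 7296, section 3.13.1
ANY_PORT_END = 65535

def end_port_before_fix(start_port, stored_end):
    """Behaviour the APAR describes: a zero end-port field is read as 65535."""
    return ANY_PORT_END if stored_end == 0 else stored_end

def end_port_after_fix(start_port, stored_end):
    """Corrected behaviour: a single configured port gives end == start.
    Assumption: start 0 with end 0 still means 'any port' (0-65535)."""
    if stored_end == 0:
        return start_port if start_port != 0 else ANY_PORT_END
    return stored_end

def encode_ts_ipv4(proto, start_port, end_port, start_addr, end_addr):
    """Pack one IPv4 traffic selector: type, protocol, length, ports, addresses."""
    body = struct.pack("!HH", start_port, end_port)
    body += ipaddress.IPv4Address(start_addr).packed
    body += ipaddress.IPv4Address(end_addr).packed
    return struct.pack("!BBH", TS_IPV4_ADDR_RANGE, proto, 4 + len(body)) + body

def decode_ts_ipv4(raw):
    """Unpack a selector produced above; reject truncated or non-IPv4 input."""
    if len(raw) < 16:
        raise ValueError("truncated traffic selector")
    ts_type, proto, length, start_port, end_port = struct.unpack("!BBHHH", raw[:8])
    if ts_type != TS_IPV4_ADDR_RANGE or length != 16 or len(raw) != length:
        raise ValueError("not a well-formed TS_IPV4_ADDR_RANGE selector")
    return {"proto": proto, "ports": (start_port, end_port),
            "addrs": (str(ipaddress.IPv4Address(raw[8:12])),
                      str(ipaddress.IPv4Address(raw[12:16])))}

def widened_single_port(selector):
    """Flag the symptom: a specific start port paired with end port 65535."""
    start_port, end_port = selector["ports"]
    return 0 < start_port < ANY_PORT_END and end_port == ANY_PORT_END

# Constructed sample: phase 2 id configured as UDP (17) port 1701 only,
# stored with the end port field left at zero.
CONFIGURED = (17, 1701, 0, "192.0.2.10", "192.0.2.10")

def build(end_port_rule):
    """Encode the sample selector using the given end-port rule."""
    proto, start, stored_end, lo, hi = CONFIGURED
    return encode_ts_ipv4(proto, start, end_port_rule(start, stored_end), lo, hi)

if __name__ == "__main__":
    for rule in (end_port_before_fix, end_port_after_fix):
        ts = decode_ts_ipv4(build(rule))
        print(rule.__name__, ts["ports"], "widened:", widened_single_port(ts))
```

The two rules produce different selector bytes for the same configuration, which is the mismatch a patched and an unpatched peer would present to each other.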

Temporary Fix

Comments

Circumvention


PTFs Available

R720 SI74093  1084

R730 SI74058  1098

R740 SI74095  1091

Affected Modules


         
         

Affected Publications

Summary Information

Status: CLOSED PER
HIPER: No
Component: 5770SS100
Failing Module: RCHMGR
Reported Release: R730
Duplicate Of:





Document Information

Modified date:
16 April 2021