z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1117I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1117I
Initiation of a phase 2 negotiation with a remote security endpoint behind an NAPT is prohibited - the pending phase 2 request was deleted

Explanation

A request to initiate a phase 2 Security Association (SA) with a remote security endpoint behind a NAT performing port translation (NAPT) was deleted. A new SA of this configuration type is not supported because there might be problems with future negotiations and traffic flow. See the information about NAT traversal considerations in z/OS Communications Server: IP Diagnosis Guide for more information.

Additional diagnostic messages that have the same message instance number will be issued to identify the impacted SA. The message instance number precedes the message number in the log output and is used to group related messages from the IKE daemon.

System action

The request for the phase 2 negotiation is deleted; IKE daemon processing continues.

Operator response

The z/OS® IKE daemon can respond only to phase 2 negotiations with a remote security endpoint behind an NAPT. Request that the administrator of the remote security endpoint initiate the SA for this negotiation.

System programmer response

None.

User response

Not applicable.

Problem determination

Not applicable.

Source

z/OS Communication Server TCP/IP other application

Module

phase1.cpp

Example

None.

Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014