Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD1799I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD1799I IKE cannot initiate with local data addresses ipaddress_range for
a Security Association traversing a NAT ExplanationThe Internet Key Exchange (IKE) daemon tried to activate a phase 2 Security Association (SA) that will traverse a network address translation (NAT) device, but the identity specified for the local data endpoint in the policy for this SA defined a range of local IP addresses that is to be protected by the SA. When traversing a NAT, the IP address of the local data endpoint must be specified as a single host address. Additional diagnostic messages that have the same message instance number will be issued to identify the impacted Security Association (SA). The message instance number precedes the message number in the log output and is used to group related messages from the IKE daemon. In the message text:
System actionThe phase 2 SA negotiation fails; IKE daemon processing continues. Operator responseContact the system programmer. System programmer responseEnsure that only single host addresses are specified as data endpoints when traversing a NAT. Notify the administrator of the remote security endpoint and ask the administrator to ensure that only single IPv4 addresses are specified as data endpoints when traversing a NAT. User responseNot applicable. Problem determinationNone. Sourcez/OS® Communications Server TCP/IP: IKE daemon Moduleoakley_phaseII.cpp Routing code11 Descriptor code7 AutomationThis message is output to syslog. Example
|
Copyright IBM Corporation 1990, 2014
|