z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1908I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1908I
Tunnel activation for stackname using KeyExchangeRule kername failed because the identity type is not compatible with the authentication method

Explanation

An attempt to initiate Internet Key Exchange version 2 (IKEv2) tunnel activation for a stack failed because the LocalSecurityEndpoint statement that is defined for the KeyExchangeRule statement has Identity type KeyId, but the KeyExchangeAction statement specifies a local authentication method on the HowToAuthMe parameter that is not pre-shared key. Identity type KeyId can be used only in conjunction with PresharedKey authentication.

In the message text:
stackname
The name of the stack for which the IKE tunnel is being activated
kername
The name of the KeyExchangeRule for this IKE tunnel activation attempt.

System action

This tunnel activation attempt fails. IKE daemon processing continues.

Operator response

Contact the system programmer.

System programmer response

Find the named KeyExchangeRule in the IPSec policy definitions and change the HowToAuthMe value to PresharedKey, or change the LocalSecurityEndpoint Identity to a type that is compatible with the authentication method specified on HowToAuthMe value (for example, Fqdn).

User response

Not applicable.

Problem determination

Not applicable.

Source

z/OS® Communications Server TCP/IP: IKE daemon

Module

anchor_ureq.cpp

Routing code

7

Descriptor code

11

Automation

The message is output to syslog

Example

EZD1908I Tunnel activation for TCPCS2 using KeyExchangeRule IKEv2-SA1-TCP failed because the identity type 
         is not compatible with the authentication  method
Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014