z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)


SC27-3655-01

EZD1925I
IKE detected a NAT while initiating a new transport mode IKEv2 dynamic tunnel with a non-z/OS peer

Explanation

The Internet Key Exchange (IKE) daemon is initiating a transport-mode Security Association (SA) for a new IKEv2 dynamic tunnel with a non-z/OS peer. The SA traverses a Network Address Translation (NAT) device. A transport-mode SA might have interoperability problems with the non-z/OS peer. z/OS® provides NAT traversal support for a defined group of configurations where z/OS is running the IKE daemon. See IP security in z/OS Communications Server: IP Configuration Guide for a description of the supported configurations and interoperability considerations.

System action

The SA negotiation continues.

Operator response

If the SA negotiation fails or if data cannot be successfully sent over the SA, contact the system programmer.

System programmer response

Determine whether an interoperability concern caused the SA negotiation or data flow to fail. See IP security in z/OS Communications Server: IP Configuration Guide for a description of the supported configurations and interoperability considerations. Confirm that the non-z/OS peer supports transport mode with NAT traversal as defined in RFC 5996 section 2.23.1.

A possible solution is to use a tunnel-mode IpDynVpnAction object instead of a transport-mode IpDynVpnAction object. See Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for more information about configuring policy.

User response

Not applicable.

Problem determination

Not applicable.

Source

z/OS Communications Server TCP/IP: IKE daemon

Module

CommonIPsecSA.cpp

Routing code

2

Descriptor code

5

Automation

Not applicable.

Example

EZD1925I IKE detected a NAT while initiating a new transport mode IKEv2 dynamic tunnel with a non-z/OS peer





Copyright IBM Corporation 1990, 2014