EZD0822I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01

EZD0822I Packet denied, tunnel inactive: timestamp filter
rule= rulename ext= instance
sipaddr= sipaddr dipaddr= dipaddr
proto= proto tag1 tag2 tag3
Interface= ifcaddr ( dir )
secclass= secclass dest= dest
len= len vpnaction= vpnaction
tunnelID= tunID ifcname= ifcname fragment= frag

Explanation

An IP packet matched the indicated filter rule but the tunnel is not active. For this record to be written, the matched filter rule must have IpFilterLogging set to yes.

timestamp is the stack timestamp that indicates the time at which the IP packet was processed by the stack. This time is retrieved from the system time-of-day clock, which usually reflects coordinated universal time (UTC). This timestamp might be different than the syslogd message timestamp.

rulename is the filter rule name. If the IP packet matched a dynamic filter rule, the rule name of the corresponding anchor filter rule will be displayed; otherwise, the rule name of the matching filter rule will be displayed.

instance is the rule name extension that indicates which instance of the rule name was matched.

sipaddr is the source IP address.

dipaddr is the destination IP address.

proto is the protocol from the packet. Possible values are:

The tag1 value varies depending on the proto value.

The tag2 value varies depending on the proto value.

The tag3 value varies depending on the proto value and direction.

ifcaddr is the interface address over which the packet was received or sent.

dir is I if packet is inbound, O if packet is outbound.

secclass is the security class assigned to the interface. Security class is a numeric value in the range of 0–255.

dest is local if a local destination or routed if being routed.

len is the packet length.

vpnaction is applicable if a VpnAction name is associated with the matched filter. Otherwise, N/A will be shown. If the tunnel is a manual tunnel, this is the name specified on the IpManVpnAction statement. If the tunnel is a dynamic tunnel, this is the name specified on the IpDynVpnAction statement.

tunID is the tunnel ID.

ifcname is the interface name.

frag specifies whether the packet is a fragment. The value is Y if the packet is a fragment, or N if the packet is not a fragment.

System action

TCP/IP processing continues.

Operator response

Contact the system programmer.

System programmer response

If the indicated tunnel should be active, use the ipsec command to activate the tunnel. See the information about managing network security in z/OS Communications Server: IP System Administrator's Commands or issue the man ipsec command in a z/OS® UNIX shell to obtain information about the ipsec command syntax and options.

User response

Not applicable.

Problem determination

Not applicable.

Source

z/OS Communications Server TCP/IP: TRMD

Module

EZATRZOS

Routing code

Descriptor code

Automation

Not applicable.

Example
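
As an added illustration (not part of the IBM documentation), the following Python sketch parses EZD0822I records from syslog text and counts denied packets per VPN action, tunnel ID and rule, so the tunnels that need attention stand out. It assumes one record per syslog line; the syslog prefix, host, rule names, tunnel IDs, timestamp layout and the `<tag1> <tag2> <tag3>` placeholders in the sample are constructed.

```python
import re
from collections import Counter

# Field order follows the message text on this page. tag1..tag3 vary with
# proto, so they are captured as one opaque string rather than interpreted.
EZD0822I = re.compile(
    r"EZD0822I Packet denied, tunnel inactive:\s*(?P<timestamp>.*?)\s*filter\s+"
    r"rule=\s*(?P<rule>\S+)\s+ext=\s*(?P<ext>\S+)\s+"
    r"sipaddr=\s*(?P<sipaddr>\S+)\s+dipaddr=\s*(?P<dipaddr>\S+)\s+"
    r"proto=\s*(?P<proto>\S+)\s+(?P<tags>.*?)\s*"
    r"Interface=\s*(?P<ifcaddr>\S+)\s*\(\s*(?P<dir>[IO])\s*\)\s+"
    r"secclass=\s*(?P<secclass>\d+)\s+dest=\s*(?P<dest>\S+)\s+"
    r"len=\s*(?P<len>\d+)\s+vpnaction=\s*(?P<vpnaction>\S+)\s+"
    r"tunnelID=\s*(?P<tunnelID>\S+)\s+ifcname=\s*(?P<ifcname>\S+)\s+"
    r"fragment=\s*(?P<fragment>[YN])", re.DOTALL)

def parse_ezd0822i(line):
    """Return the fields of one EZD0822I record as a dict, or None."""
    m = EZD0822I.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["secclass"], rec["len"] = int(rec["secclass"]), int(rec["len"])
    if not 0 <= rec["secclass"] <= 255:  # documented range is 0-255
        return None
    return rec

def inactive_tunnel_summary(lines):
    """Count denied packets per (vpnaction, tunnelID, rule name)."""
    hits = Counter()
    for line in lines:
        rec = parse_ezd0822i(line)
        if rec:
            hits[(rec["vpnaction"], rec["tunnelID"], rec["rule"])] += 1
    return hits

# Constructed sample input: every value below is made up for illustration,
# and <tag1> <tag2> <tag3> stand in for the proto-dependent tags.
TEMPLATE = (
    "Jul 14 18:23:46 HOST1 TRMD[65]: EZD0822I Packet denied, tunnel inactive: "
    "07/14/2014 18:23:45.12 filter rule= {rule} ext= 1 sipaddr= 192.0.2.10 "
    "dipaddr= 198.51.100.7 proto= udp <tag1> <tag2> <tag3> "
    "Interface= 192.0.2.10 ( O ) secclass= {sc} dest= local len= 84 "
    "vpnaction= {act} tunnelID= {tid} ifcname= ETH1 fragment= N")
SAMPLE = [TEMPLATE.format(rule=r, sc=s, act=a, tid=t) for r, s, a, t in [
    ("VPNRULE1", 255, "DYNVPN1", "Y3"), ("VPNRULE1", 255, "DYNVPN1", "Y3"),
    ("MANRULE2", 10, "MANVPN2", "M1"), ("BADRULE", 999, "N/A", "0")]]
SAMPLE.append("Jul 14 18:23:47 HOST1 sshd[9]: unrelated line")
```

The timestamp is kept as the stack-supplied string because, as the explanation notes, it might differ from the syslogd timestamp in the line prefix.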
Copyright IBM Corporation 1990, 2014