Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD0824I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD0824I Possible NAT traversal remapping detected: timestamp original
sipaddr=origsipaddr new sipaddr= newsipaddr
original sport=origport new sport=newport
dipaddr=dipaddr proto=proto vpnaction= vpnaction tunnelID=
tunID ESPSPI= tunID ExplanationA packet received over the specified tunnel contained a source IP address or source port that was different than the value at the time the tunnel was negotiated. If origsipaddr does not match newsipaddr, an address remapping might have occurred at the remote network address translation (NAT) device. If origport does not match newport, a port remapping might have occurred at the remote network address port translation (NAPT) device. timestamp is the stack timestamp that indicates the time at which the failure was detected by the stack. This time is retrieved from the system time-of-day clock, which usually reflects coordinated universal time. This timestamp might be different than the syslogd message timestamp. origsipaddr is the IP address of the tunnel current remote endpoint. newsipaddr is the source IP address from the inbound packet. origport is the remote IKE peer port at the time the tunnel was negotiated. newport is the remote IKE peer port from the UDP encapsulation header of the inbound packet. dipaddr is the destination IP address from the inbound packet. proto is
the protocol from the decapsulated packet. Possible values are:
vpnaction is the name specified on the IpDynVpnAction statement. tunID is the tunnel ID. tunID is the ESP security parameter index. System actionThe current inbound packet is dropped and processing is initiated to verify whether a NAT remapping actually occurred. Subsequent packets that do not match the tunnel current remote endpoint of the IKE peer port are also dropped. TCP/IP processing continues. Operator responseNone. System programmer responseNone. ModuleEZATRZOS Procedure nametrmd_ipsec_log |
Copyright IBM Corporation 1990, 2014
|