z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)


EZD0824I

SC27-3655-01

Possible NAT traversal remapping detected: timestamp original sipaddr=origsipaddr new sipaddr= newsipaddr original sport=origport new sport=newport dipaddr=dipaddr proto=proto vpnaction= vpnaction tunnelID= tunID ESPSPI= tunID

Explanation

A packet received over the specified tunnel contained a source IP address or source port that was different than the value at the time the tunnel was negotiated. If origsipaddr does not match newsipaddr, an address remapping might have occurred at the remote network address translation (NAT) device. If origport does not match newport, a port remapping might have occurred at the remote network address port translation (NAPT) device.

timestamp is the stack timestamp that indicates the time at which the failure was detected by the stack. This time is retrieved from the system time-of-day clock, which usually reflects coordinated universal time. This timestamp might be different than the syslogd message timestamp.

origsipaddr is the IP address of the tunnel's current remote endpoint.

newsipaddr is the source IP address from the inbound packet.

origport is the remote IKE peer port at the time the tunnel was negotiated.

newport is the remote IKE peer port from the UDP encapsulation header of the inbound packet.

dipaddr is the destination IP address from the inbound packet.

proto is the protocol from the decapsulated packet. Possible values are:
  • ICMP(1)
  • IGMP(2)
  • IP(4)
  • TCP(6)
  • UDP(17)
  • OSPF(89)
  • IPIP(94)
  • The protocol number

vpnaction is the name specified on the IpDynVpnAction statement.

tunID, in the tunnelID= field, is the tunnel ID.

tunID, in the ESPSPI= field, is the ESP security parameter index.
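
The field layout above can be parsed mechanically when these messages are collected from syslogd. The following Python parser is an added example, not part of the IBM documentation; it classifies each EZD0824I record as an address or port remapping according to the explanation above and groups the new endpoints seen per tunnel. The function names, the sample lines, and their timestamp format and values are constructed for illustration.

```python
import ipaddress
import re

# Field order follows the EZD0824I template; whitespace after "=" is optional.
EZD0824I = re.compile(
    r"EZD0824I\s+Possible NAT traversal remapping detected:\s*(?P<timestamp>.*?)\s*"
    r"original sipaddr=\s*(?P<orig_sip>\S+)\s+new sipaddr=\s*(?P<new_sip>\S+)\s+"
    r"original sport=\s*(?P<orig_sport>\d+)\s+new sport=\s*(?P<new_sport>\d+)\s+"
    r"dipaddr=\s*(?P<dip>\S+)\s+proto=\s*(?P<proto>\S+)\s+"
    r"vpnaction=\s*(?P<vpnaction>\S+)\s+tunnelID=\s*(?P<tunnel_id>\S+)\s+"
    r"ESPSPI=\s*(?P<esp_spi>\S+)"
)

def _same_addr(a, b):
    try:  # compare parsed values so equivalent IPv6 spellings match
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return a == b

def parse_ezd0824i(line):
    """Return the message fields plus a 'remap' classification, or None."""
    m = EZD0824I.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    kinds = []
    if not _same_addr(rec["orig_sip"], rec["new_sip"]):
        kinds.append("address")   # possible remapping at the remote NAT
    if int(rec["orig_sport"]) != int(rec["new_sport"]):
        kinds.append("port")      # possible remapping at the remote NAPT
    rec["remap"] = "+".join(kinds) or "none"
    return rec

def endpoints_by_tunnel(lines):
    """Map tunnel ID -> set of distinct new (address, port) pairs seen."""
    seen = {}
    for rec in filter(None, map(parse_ezd0824i, lines)):
        seen.setdefault(rec["tunnel_id"], set()).add((rec["new_sip"], int(rec["new_sport"])))
    return seen

# Constructed sample lines: prefix, timestamp format and all values are made up.
SAMPLE = [
    "TRMD: EZD0824I Possible NAT traversal remapping detected: 01/10/2014 12:00:01.10 "
    "original sipaddr=192.0.2.10 new sipaddr= 192.0.2.10 original sport=4500 new sport=61022 "
    "dipaddr=198.51.100.7 proto=TCP(6) vpnaction= VPN-A tunnelID= Y5 ESPSPI= 0x1A2B3C4D",
    "TRMD: EZD0824I Possible NAT traversal remapping detected: 01/10/2014 12:07:44.02 "
    "original sipaddr=192.0.2.10 new sipaddr= 203.0.113.5 original sport=4500 new sport=4500 "
    "dipaddr=198.51.100.7 proto=UDP(17) vpnaction= VPN-A tunnelID= Y5 ESPSPI= 0x1A2B3C4D",
]
```

A tunnel that accumulates several distinct new endpoints in `endpoints_by_tunnel` is a candidate for review against the expected NAT behavior of the remote site.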

System action

The current inbound packet is dropped and processing is initiated to verify whether a NAT remapping actually occurred. Subsequent packets that do not match the tunnel's current remote endpoint or the IKE peer port are also dropped. TCP/IP processing continues.

Operator response

None.

System programmer response

None.

Module

EZATRZOS

Procedure name

trmd_ipsec_log





Copyright IBM Corporation 1990, 2014