EZD1026I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01
EZD1026I Cannot be a responder in a phase 2 Security Association negotiation

Explanation

The local IKE daemon is attempting to respond to a phase 2 security association (SA) negotiation request and the local policy specifies that it can act only as an initiator. Additional diagnostic messages that have the same message instance number will be issued to identify the impacted SA. The message instance number precedes the message number in the log output and is used to group related messages from the IKE daemon.

System action

The SA negotiation failed; IKE daemon processing continues.

Operator response

Check the server's configuration for phase 2 activation.

When configured without the IBM® Configuration Assistant for z/OS® Communications Server, the IKE daemon's phase 2 initiation role is set on the Initiation parameter in the IpDynVpnAction statement for this SA. If the local IKE server should be able to be a responder in the negotiation for this SA, then change the server's Initiation role in the appropriate IpDynVpnAction statement to RemoteOnly or Either. See the information about the Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for more information about configuring policy.

When configured with the IBM Configuration Assistant for z/OS Communications Server, edit the corresponding Connectivity Rule in the GUI and check the Advanced IPSec: Dynamic Tunnels: How to Activate panel to see if remote activation of phase 2 tunnels is allowed. See the online helps in the GUI for additional information.

System programmer response

None.

Module

policy.cpp

Procedure name

None.
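The check described under Operator response can be scripted when the policy is maintained as a flat file. The following Python code is an added example, not IBM code: it reads Policy Agent configuration text and lists each IpDynVpnAction statement whose coded Initiation value is neither RemoteOnly nor Either. Assumptions: brace-delimited statement blocks, # comments, the statement names, and LocalOnly as the initiator-only value; the sample policy is constructed.

```python
# Constructed sample policy text; statement names are hypothetical and the
# layout (braces, # comments, LocalOnly value) is an assumption.
SAMPLE_POLICY = """\
# constructed sample, not from a real system
IpDynVpnAction BranchTunnel
{
  Initiation LocalOnly
}
IpDynVpnAction PartnerTunnel
{
  Initiation Either
}
IpDynVpnAction DefaultRole
{
}
"""

# The two values the message text names as allowing the responder role.
RESPONDER_OK = ("remoteonly", "either")

def initiation_roles(policy_text):
    """Map each IpDynVpnAction name to its coded Initiation value (None if not coded)."""
    roles, name, depth = {}, None, 0
    for raw in policy_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        words = line.split()
        key = words[0].lower()
        if depth == 0 and key == "ipdynvpnaction" and len(words) > 1:
            name = words[1]
            roles[name] = None
        # Only a parameter directly inside the statement counts, not one in a nested block.
        if name and depth == 1 and key == "initiation" and len(words) > 1:
            roles[name] = words[1]
        depth += line.count("{") - line.count("}")
        if depth == 0 and "}" in line:
            name = None                          # statement block closed
    return roles

def cannot_respond(policy_text):
    """Names of statements whose coded role excludes responding to phase 2 requests."""
    return sorted(n for n, role in initiation_roles(policy_text).items()
                  if role is not None and role.lower() not in RESPONDER_OK)

if __name__ == "__main__":
    for action in cannot_respond(SAMPLE_POLICY):
        print(f"{action}: remote phase 2 requests will be rejected (EZD1026I)")
```

Statements that do not code Initiation are returned with None and are not flagged, because this page does not state the default.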
Copyright IBM Corporation 1990, 2014