z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1088I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1088I
IKE received an unsupported identity address type ( idtype - idtypestr ) for a Security Association traversing a NAT

Explanation

An identity address must be specified as a single IPv4 address.

Additional diagnostic messages that have the same message instance number will be issued to identify the impacted Security Association (SA). The message instance number precedes the message number in the log output and is used to group related messages from the IKE daemon.

In the message text:
identity
Possible values are:
IDci
The identity address type of the initiator.
IDcr
The identity address type of the responder.
NAT-OA
The NAT original address.
idtype
The number of the identity address type that is not supported. These values are defined in RFC2407. See Related protocol specifications for information about accessing RFCs.
idtypestr
The identity address type that is not supported. If the identity address type is not known, the value of idtypestr is Unknown.

System action

The phase 2 SA negotiation fails; IKE daemon processing continues.

System programmer response

Ensure that only single IPv4 addresses are specified as data endpoints when traversing a NAT. Notify the administrator of the remote security endpoint and ask the administrator to ensure that only single IPv4 addresses are specified as data endpoints when traversing a NAT.

User response

Contact the system programmer.

Module

oakley_phaseII.cpp

Example

None.

Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014