Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD1726I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
||||||||||||||||||||||||||||||||||||||||||||||
EZD1726I SWSA shadow tunnel installation failed timestamp vpnaction= vpnaction tunnelID= tunID AHSPI= AHindex ESPSPI= ESPindex reason= rsn reason
code= rsncode ExplanationThe installation of a Sysplex-Wide Security Associations (SWSA) shadow tunnel for a distributed DVIPA on a target stack failed. The SWSA function enables a distributing TCP/IP stack to negotiate IPSec tunnels for distributed DVIPAs. The IPSec tunnels are installed on target stacks for the distributed DVIPA as shadow tunnels. SWSA requires that the IP filter policy that applies to the DVIPA be consistent between the target stack and the distributing stack. One reason the tunnel installation might fail is if the IP filter policies are not consistent, therefore the shadow tunnel cannot be installed because the target stack does not have IP filter rules that correspond to that tunnel. In the message text:
See the information about Sysplex-wide Security Associations in z/OS Communications Server: IP Configuration Guide. System actionThe tunnel installation fails; TCP/IP processing continues. Operator responseNone. System programmer responseEnsure that the IP filter policy on the distributing stack for all traffic pertaining to the distributed DVIPA is correctly mirrored on the target stack. Also, take any additional action dictated by the reason code. User responseNot applicable. Problem determinationNot applicable. Sourcez/OS Communications Server TCP/IP: IPSec Moduleezatrzos.c Routing codeNot applicable. Descriptor codeNot applicable. AutomationNot applicable. Example
|
Copyright IBM Corporation 1990, 2014
|