z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


EZD1786I

z/OS Communications Server: IP Messages Volume 2 (EZB, EZD)
SC27-3655-01

EZD1786I
Cannot negotiate IKEv1 tunnel for filter rule rulename using specific types or codes

Explanation

IKEv1 does not support the negotiation of tunnels for specific ICMP types and codes, ICMPv6 types and codes, or MIPv6 types and codes. The filter rule specified by the rulename value uses an IpService definition that specifies either individual types and codes or a range of types and codes, for ICMP, ICMPv6, or MIPv6 traffic. A tunnel negotiation was attempted that used the specified filter rule with a KeyExchangeAction statement that requires IKEv1 to initiate the negotiation. Tunnels that use either individual types and codes or a range of types and codes can be negotiated for IKEv2, but not for IKEv1.

In the message text:
rulename
The name of the filter rule.

System action

The tunnel activation fails; IKE daemon processing continues.

Operator response

None.

System programmer response

Examine the policy definition for the rule name and modify it to correct the error. Potential changes include:
  • Specify HowToInitiateVersion IKEv2.
  • Do not code specific values or ranges of ICMP, ICMPv6, or MIPv6 types and codes.

User response

Not applicable.

Problem determination

None.

Source

z/OS® Communications Server TCP/IP: IKE daemon

Module

config_adapter.cpp

Routing code

11

Descriptor code

7

Automation

This message is output to syslog.

Example

EZD1786I  Cannot negotiate IKEv1 tunnel for filter rule TimestampRequestReply  using specific 
          types or codes
Parent topic: EZD1xxxx messages

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014