Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
EZD1911I z/OS Communications Server: IP Messages Volume 2 (EZB, EZD) SC27-3655-01 |
|
EZD1911I FIPS140 support is enabled for the IKE daemon and no valid
IpDataOffers were found in IpDynVpnAction ( IDVAname ) ExplanationThis message is issued when the IKE daemon is enabled to support the Level 1 security requirements of Federal Information Processing Standard publication 140-2 (FIPS 140), and one or more IpDataOffer objects were omitted from the specified IpDynVpnAction object. If the IKE daemon is enabled for FIPS 140, the daemon omits IpDataOffer objects that use the DES, MD5, or AES_XCBC cryptographic algorithms, or Pfs with Diffe-Hellman groups 1, 2, or 5 from any proposal it builds. In the message text:
System actionThe SA negotiation fails; the IKE daemon continues. Operator responseContact the system programmer. System programmer responseIf you want the IKE daemon to be
enabled to support FIPS 140, ensure that at least one IpDataOffer
object exists in the specified IpDynVpnAction object that does not
contain any of the following:
If you do not want the IKE daemon to be enabled to support FIPS 140, then configure FIPS140 No on the IkeConfig statement in the IKED configuration file and restart the IKE daemon. See the information about Policy Agent and policy applications in z/OS Communications Server: IP Configuration Reference for more information about configuring policy. User responseNot applicable. Problem determinationNot applicable. Sourcez/OS® Communications Server TCP/IP: IKE daemon Modulepolicy.cpp Routing codeNot applicable. Descriptor codeNot applicable. AutomationNot applicable. Example
|
Copyright IBM Corporation 1990, 2014
|