You need to authorize the IKE daemon to the external security manager.
To authorize the IKE daemon to RACF®, perform the steps in Steps for authorizing the IKE daemon to RACF.