Question & Answer
Question
I get messages similar to these when setting up the Phase 1 IPsec tunnel:
EZD1093I Policy mismatch : statement ( state_num ) requires parameter (parameter ) with value ( policy_val ) but proposal ( prop_num ) value is ( prop_val )
EZD1021I No proposal chosen with KeyExchangeRule ( rule ) and KeyExchangeAction ( action )
Answer
TCPIP message EZD1093I indicates that the Internet Key Exchange (IKE) daemon was unable to accept a proposal because there was a mismatch in the configured policy. It also indicates the values that did not match.
TCPIP message EZD1021I indicates that the IKE phase 1 negotiation failed because no proposal in the offer was accepted by the local security endpoint. It also indicates indicates the KeyExchangeRule and KeyExchangeAction statements that were in effect when the mismatch occurred.
If the proposal that contains the mismatch is the one that should be accepted, either alter the local policy to accept the value in this proposal or notify the administrator of the remote security endpoint about the mismatch and ask the administrator to alter the remote configuration to propose the correct values.
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
16 March 2016
UID
dwa1258829