When setting up the Phase 1 IPSec tunnel, why do I get messages EZD1093I and EZD1021I ?

Question & Answer

Question

I get messages similar to these when setting up the Phase 1 IPsec tunnel:

 EZD1093I Policy mismatch : statement  ( state_num ) requires parameter (parameter ) with  value ( policy_val ) but proposal ( prop_num ) value is ( prop_val )
 EZD1021I No proposal chosen with KeyExchangeRule ( rule ) and KeyExchangeAction ( action  )

Answer

TCPIP message EZD1093I indicates that the Internet Key Exchange (IKE) daemon was unable to accept a proposal because there was a mismatch in the configured policy. It also indicates the values that did not match.

TCPIP message EZD1021I indicates that the IKE phase 1 negotiation failed because no proposal in the offer was accepted by the local security endpoint. It also indicates indicates the KeyExchangeRule and KeyExchangeAction statements that were in effect when the mismatch occurred.

If the proposal that contains the mismatch is the one that should be accepted, either alter the local policy to accept the value in this proposal or notify the administrator of the remote security endpoint about the mismatch and ask the administrator to alter the remote configuration to propose the correct values.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Was this topic helpful?

Document Information

Modified date:
16 March 2016

UID

dwa1258829

Tips