IBM Support

How do I control which IKE negotiation protocol is used when initiating Security Associations?

Question & Answer


Question

How do I control which IKE negotiation protocol is used when initiating Security Associations?

Answer

To specify the negotiation mode to use as the phase 1 initiator for a specific security association, configure the HowToInitiate parameter on the KeyExchangeAction statement referenced by a KeyExchangeRule statement. You can also specify a global value for the negotiation mode by configuring the HowToInitiate parameter on the KeyExchangePolicy statement.

You can specify any of the following values on the HowToInitiate parameter:

  • Main - indicates that IKE version 1 with identity protection is used when key negotiations are initiated by this system.

  • Aggressive - indicates that IKE version 1 without identity protection is used when key negotiations are initiated by this system.

  • IKEv2 - indicates that IKE version 2 is used when key negotiations are initiated by this system.

  • DoNot - indicates that the local system cannot initiate a key exchange negotiation.

If HowToInitiate is not specified on the KeyExchangeAction statement, the IKE daemon will use the value from the HowToInitiate parameter in the KeyExchangePolicy statement.
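The fallback rule above can be checked mechanically when reviewing a policy, for example to see which rules end up initiating in Aggressive mode (no identity protection). The following Python sketch is an added example, not IBM code; it assumes a simplified one-statement-per-line block layout, and the rule and action names (branch-a, branch-b, act-legacy, act-default) are hypothetical.

```python
# Added example: the simplified block layout and every name in SAMPLE are constructed.
VALID = {"main", "aggressive", "ikev2", "donot"}
SAMPLE = """
KeyExchangePolicy
{
  HowToInitiate IKEv2
  KeyExchangeRule branch-a
  {
    KeyExchangeActionRef act-legacy
  }
  KeyExchangeRule branch-b
  {
    KeyExchangeActionRef act-default
  }
}
KeyExchangeAction act-legacy
{
  HowToInitiate Aggressive
}
KeyExchangeAction act-default
{
}
"""

def parse(text):
    """Return ({(block, name): HowToInitiate value}, {rule: action ref})."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    modes, rules, stack = {}, {}, []
    for i, line in enumerate(lines):
        key, _, val = line.partition(" ")
        block, name = stack[-1] if stack else (None, None)
        if line == "{":
            continue
        if line == "}":
            stack.pop()
        elif lines[i + 1:i + 2] == ["{"]:  # statement that opens a block
            stack.append((key, val))
        elif key == "HowToInitiate":
            if val.lower() not in VALID:
                raise ValueError(f"unknown HowToInitiate value: {val!r}")
            modes[(block, name)] = val
        elif key == "KeyExchangeActionRef" and block == "KeyExchangeRule":
            rules[name] = val
    return modes, rules

def effective_modes(text):
    """Per rule: the action's value if set, else the policy-level value."""
    modes, rules = parse(text)
    fallback = modes.get(("KeyExchangePolicy", ""))
    return {r: modes.get(("KeyExchangeAction", a), fallback) for r, a in rules.items()}
```

For the constructed sample, `effective_modes(SAMPLE)` reports Aggressive for branch-a (set on its action) and IKEv2 for branch-b (inherited from the policy-level value).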

Product Synonym

ZOSCS COMMSERVER

Document Information

Modified date:
29 December 2016

UID

dwa1335036