Question & Answer
Question
We had converted our TCPIP Stack from device to Interface statements. Everything is working fine except FTPs to external
customers. Firewall is showing the Interface address attempting to go out instead of the TCPIP Home address. Before these changes from (Device to Interface) the firewall was seeing the TCPIP Home address.
Answer
The profile has the SOURCEVIPA keyword on the IPCONFIG statement. When the DEVICE/LINK statement was used for the OSAs (or HiperSockets), the static VIPA was selected for the source address on outbound connections based on the order of definitions in the HOME list. But when the INTERFACE statement is used, it needs to specify the associated VIPA name with the SOURCEVIPAINTERFACE keyword to have the same effect. If the packets must go through firewalls or other network devices that block the non-VIPA addresses, the associated operations will time out.
Resolving the problem:
Add the missing SOURCEVIPAINTERFACE specification to the INTERFACE statement(s). For example, if the old HOME statement had the following content:
HOME
...
10.11.12.13 VIPA1
10.9.8.7 OSA1
...
The new INTERFACE statement must have the following content:
INTERFACE OSA1 DEFINE IPAQENET
IPADDR 10.9.8.7/xx
SOURCEVIPAINTERFACE VIPA1
...
Note: For legacy devices such as CTC, CLAW (CIP router), LCS OSA (OSE CHPID), and others, the order of definitions in the HOME list is still important. This also means that for z/OS 2.1 and above, VIPAs referenced for these device types cannot be converted to VIRTUAL INTERFACE statements.
Was this topic helpful?
Document Information
Modified date:
03 July 2018
UID
dwa1456588