Expert Advice

N3T_IPSec_Pkts_Denied_Mismatch  
Situation Description
Suggested Actions
Situation Description

The number of packets being denied due to a mismatch with the filter's action may be high.

 

Suggested Actions

First identify which filters are causing the mismatch alert. This problem could indicate a policy mismatch between the peer and this TCP/IP stack. Another possibility is attempted suspicious activity. Enable logging for the associated filter rule and monitor the traffic using the UNIX syslog.

This warning situation is based on the Packets Denied by Mismatch attribute. By default, this situation is evaluated every 15 minutes and is not run at startup.

 

Copyright IBM Corp. 2007 All Rights Reserved US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contact IBM