Filter
Top Products
Appendix C System messages 175
Nortel VPN Router Troubleshooting
2 Manually verify the tunnel-related certificate fingerprints. Perform this
procedure any time you suspect tampering.
ISAKMP messages
ISAKMP [13] No proposal chosen in message from xxx (a.b.c.d)
In many cases, a Session:IPsec message precedes the ISAKMP message. If the
Session:IPsec message indicates an error, then the Session message describes the
cause and required action. If there is no Session:IPsec error message, see the
following list of causes and solutions for explanations.
Description: The encryption types proposed by branch office xxx do not match
the encryption types configured locally.
Action: Check the encryption types on both sides to make sure they match. If
necessary, reconfigure the encryption on one system.
Description: The requested authentication method (for example, RSA* Digital
Signature) is not enabled.
Action: Enable all required authentication types. Make sure the unneeded types
are disabled.
Description: One side of the connection is configured to support dynamic routing
while the other side is configured for static routing, where branch office is xxx.
Action: Configure both sides to use the same routing type.
Description: Both sides are configured to support static routing. However, the
local and remote network definitions of the two sides do not match, where branch
office is xxx.
Action: Configure both sides to have matching local and remote network
definitions.
Description: The Perfect Forward Secrecy (PFS) setting of the two sides do not
match. Branch office xxx does not have PFS enabled, while PFS is required by the
local settings.