Isakmp messages – Nortel Networks NN46110-602 User Manual


Appendix C System messages 175

Nortel VPN Router Troubleshooting

2. Manually verify the tunnel-related certificate fingerprints. Perform this
procedure any time you suspect tampering.

ISAKMP messages

ISAKMP [13] No proposal chosen in message from xxx (a.b.c.d)

In many cases, a Session:IPsec message precedes the ISAKMP message. If the
Session:IPsec message indicates an error, then the Session message describes the
cause and required action. If there is no Session:IPsec error message, see the
following list of causes and solutions for explanations.

Description: The encryption types proposed by branch office xxx do not match
the encryption types configured locally.

Action: Check the encryption types on both sides to make sure they match. If
necessary, reconfigure the encryption on one system.

Description: The requested authentication method (for example, RSA* Digital
Signature) is not enabled.

Action: Enable all required authentication types. Make sure the unneeded types
are disabled.

Description: One side of the connection is configured to support dynamic routing
while the other side is configured for static routing, where branch office is xxx.

Action: Configure both sides to use the same routing type.

Description: Both sides are configured to support static routing. However, the
local and remote network definitions of the two sides do not match, where branch
office is xxx.

Action: Configure both sides to have matching local and remote network
definitions.

Description: The Perfect Forward Secrecy (PFS) settings of the two sides do not
match. Branch office xxx does not have PFS enabled, while PFS is required by the
local settings.
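
The causes listed above can be checked side by side before either system is reconfigured. The following is an added example, not part of the Nortel manual: it compares a hand-transcribed summary of the local settings with that of branch office xxx and reports which causes apply. The dictionary field names and sample values are constructed for illustration and are not Nortel configuration keys.

```python
from ipaddress import ip_network


def nets(values):
    # strict=False tolerates host bits; prefix and netmask forms compare equal.
    return {ip_network(v, strict=False) for v in values}


def no_proposal_causes(local, peer):
    """Return the causes from the list above that apply, in the same order."""
    causes = []
    # Assumption: one encryption type in common is enough for a match.
    if not set(local["encryption"]) & set(peer["encryption"]):
        causes.append("encryption types do not match")
    if peer["auth"] not in local["auth_enabled"]:
        causes.append("requested authentication method is not enabled")
    if local["routing"] != peer["routing"]:
        causes.append("one side uses dynamic routing, the other static")
    elif local["routing"] == "static" and (
            nets(local["local_nets"]) != nets(peer["remote_nets"])
            or nets(local["remote_nets"]) != nets(peer["local_nets"])):
        # Assumption: each side's local networks are the other side's remote networks.
        causes.append("local and remote network definitions do not match")
    if local["pfs_required"] and not peer["pfs_enabled"]:
        causes.append("PFS is required locally but not enabled on the peer")
    return causes


# Constructed sample settings (hypothetical field names and values).
LOCAL = {
    "encryption": ["AES-128", "3DES"],
    "auth_enabled": ["preshared-key"],
    "routing": "static",
    "local_nets": ["10.1.0.0/16"],
    "remote_nets": ["10.2.0.0/16"],
    "pfs_required": True,
}
PEER = {
    "encryption": ["3DES"],
    "auth": "rsa-signature",
    "routing": "static",
    "local_nets": ["10.2.0.0/255.255.0.0"],
    "remote_nets": ["10.1.0.0/24"],
    "pfs_enabled": False,
}

if __name__ == "__main__":
    for cause in no_proposal_causes(LOCAL, PEER):
        print(cause)
```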
