Table of Contents
Advertisement
2
ISAKMP messages
ISAKMP [13] No proposal chosen in message from xxx (a.b.c.d)
In many cases, a Session:IPsec message precedes the ISAKMP message. If the
Session:IPsec message indicates an error, then the Session message describes the
cause and required action. If there is no Session:IPsec error message, see the
following list of causes and solutions for explanations.
Description: The encryption types proposed by branch office xxx do not match
the encryption types configured locally.
Action: Check the encryption types on both sides to make sure they match. If
necessary, reconfigure the encryption on one system.
Description: The requested authentication method (for example, RSA* Digital
Signature) is not enabled.
Action: Enable all required authentication types. Make sure the unneeded types
are disabled.
Description: One side of the connection is configured to support dynamic routing
while the other side is configured for static routing, where branch office is xxx.
Action: Configure both sides to use the same routing type.
Description: Both sides are configured to support static routing. However, the
local and remote network definitions of the two sides do not match, where branch
office is xxx.
Action: Configure both sides to have matching local and remote network
definitions.
Description: The Perfect Forward Secrecy (PFS) setting of the two sides do not
match. Branch office xxx does not have PFS enabled, while PFS is required by the
local settings.
Manually verify the tunnel-related certificate fingerprints. Perform this
procedure any time you suspect tampering.
Appendix C System messages 175
Nortel VPN Router Troubleshooting
Advertisement
Table of Contents
Troubleshooting
