- Nortel VPN Router Troubleshooting
176 Appendix C System messages
NN46110-602
Action: Make sure the PFS settings on both sides match. Either enable PFS on the
remote side, or disable PFS locally.
ISAKMP [13] Error notification (No proposal chosen) received
from xxx (a.b.c.d)
Description: The proposal made by the local VPN Router is rejected by a VPN
Client. This usually indicates that the client is using an international version
(56-bit) while the VPN Router has stronger encryption enabled.
Action: The encryption methods used by the client and the VPN Router must
match. Either provide the user with a VPN Client version that supports the
stronger encryption method used by the VPN Router, or enable 56-bit encryption
on the VPN Router.
Description: The proposal made by the local VPN Router is rejected by a remote
branch office VPN Router, or by an IPsec implementation from another vendor.
Action: Check with the administrator of the remote system to determine the cause
of the problem. If the remote system is another VPN Router, the cause is noted in
that system’s log.
ISAKMP [13] Authentication failure in message from xxx
(a.b.c.d)
In many cases, a Session:IPsec message precedes the ISAKMP message. If the
Session:IPsec message indicates an error, the Session message describes the cause
and required action. If there is no Session:IPsec error message, see the following
list of causes and solutions for explanations.
Description: No encryption types are enabled for the account in question.
Action: Enable the desired encryption types.
Description: The requested authentication method (for example, RSA Digital
Signature) is not enabled.
Action: Enable all required authentication types. Make sure the unneeded types
are disabled.