176 Appendix C System messages

Action: Make sure the PFS settings on both sides match. Either enable PFS on the remote side, or disable PFS locally.

ISAKMP [13] Error notification (No proposal chosen) received from xxx (a.b.c.d)

Description: The proposal made by the local VPN Router is rejected by a VPN Client. This usually indicates that the client is using an international version (56-bit) while the VPN Router has stronger encryption enabled.

Action: The encryption methods used by the client and the VPN Router must match. Either provide the user with a VPN Client version that supports the stronger encryption method used by the VPN Router, or enable 56-bit encryption on the VPN Router.

Description: The proposal made by the local VPN Router is rejected by a remote branch office VPN Router, or by an IPsec implementation from another vendor.

Action: Check with the administrator of the remote system to determine the cause of the problem. If the remote system is another VPN Router, the cause is noted in that system’s log.

ISAKMP [13] Authentication failure in message from xxx (a.b.c.d)

In many cases, a Session:IPsec message precedes the ISAKMP message. If the Session:IPsec message indicates an error, the Session message describes the cause and required action. If there is no Session:IPsec error message, see the following list of causes and solutions for explanations.

Description: No encryption types are enabled for the account in question.

Action: Enable the desired encryption types.

Description: The requested authentication method (for example, RSA Digital Signature) is not enabled.

Action: Enable all required authentication types. Make sure the unneeded types are disabled.

NN46110-602

Page 176
Image 176
Nortel Networks NN46110-602 manual Isakmp 13 Authentication failure in message from xxx a.b.c.d