vpn site-to-site nortel1100 and 1841 can't negotiate

Unanswered Question
Mar 27th, 2007

Dear sir,

I'm already test connection vpn between nortel1100 and c1841 can't work but IKE phase 1 and 2 work please verify log.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
p.krane Mon, 04/02/2007 - 06:14

If the nature of IPSec tunnel is dynamic you can replace it with a static tunnel if the Nortel is capable to do it. This means an IPSec tunnel is established automatically when there is "interesting traffic". In some cases the use of MD5 instead of SHA helps to bring up the tunnel. So you can try to use a transform set with MD5. Of course in this case the Nortel's config must be changed also to use MD5 and disable AH. Also you can try to use the IP address of the interface for the identity with the "crypto isakmp identity address" command.


This Discussion