Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

vpn site-to-site nortel1100 and 1841 can't negotiate

Dear sir,

I'm already test connection vpn between nortel1100 and c1841 can't work but IKE phase 1 and 2 work please verify log.

Thanks.

1 REPLY
Community Member

Re: vpn site-to-site nortel1100 and 1841 can't negotiate

If the nature of IPSec tunnel is dynamic you can replace it with a static tunnel if the Nortel is capable to do it. This means an IPSec tunnel is established automatically when there is "interesting traffic". In some cases the use of MD5 instead of SHA helps to bring up the tunnel. So you can try to use a transform set with MD5. Of course in this case the Nortel's config must be changed also to use MD5 and disable AH. Also you can try to use the IP address of the interface for the identity with the "crypto isakmp identity address" command.

105
Views
0
Helpful
1
Replies
CreatePlease to create content