Sounds like the Nortel and the Cisco don't have the exact opposite crypto ACL's set up. The Nortel is sending unencrypted packets that the Cisco router thinks should be encrypted, so their ACL's don't match up.
Can you run:
> debug crypto ipsec
> debug crypto isakmp
on the router and then try and bring the tunnel up from the Nortel side, this'll tell us exactly what's going on. Check your crypto traffic though, that looks like the problem.