IKEv2 negotiation for Site-to-Site VPN tunnel with 3rd party peer fails if IKEv2 SA payload contains more than 8 proposals
Symptoms
  • IKEv2 negotiation for Site-to-Site VPN tunnel between Check Point Security Gateway and 3rd party peer fails.

  • IKE debug on Check Point Security Gateway (per sk33327) shows:

    [ PID][Date  Time][ikev2] Message::decodeAllPayloads: payload 1: SecurityAssociation (next=KeyExchange) 
    [ PID][Date  Time][ikev2] ikeProposalList::add_prop: Proposal List full 
    [ PID][Date  Time][ikev2] ikeProposalList::add_prop: Proposal List full 
    [ PID][Date  Time][ikev2] ikeProposalList::add_prop: Proposal List full 
    [ PID][Date  Time][ikev2] ikeProposalList::add_prop: Proposal List full 
    ... 
    [ PID][Date  Time][ikev2] SAValidator::createCommonProp: my methods are different from peer's prop 0 
    [ PID][Date  Time][ikev2] SAValidator::createCommonProp: my methods are different from peer's prop 1 
    [ PID][Date  Time][ikev2] SAValidator::createCommonProp: my methods are different from peer's prop 2 
    [ PID][Date  Time][ikev2] SAValidator::createCommonProp: my methods are different from peer's prop 3 
    [ PID][Date  Time][ikev2] SAValidator::createCommonProp: my methods are different from peer's prop 4 
    [ PID][Date  Time][ikev2] SAValidator::createCommonProp: my methods are different from peer's prop 5 
    [ PID][Date  Time][ikev2] SAValidator::createCommonProp: my methods are different from peer's prop 6 
    [ PID][Date  Time][ikev2] SAValidator::createCommonProp: my methods are different from peer's prop 7 
    [ PID][Date  Time][ikev2] SAValidator::createCommonProp: No common proposal 
    [ PID][Date  Time][ikev2] SAValidator::isValidSA: failed to get a prop common to me and peer. 
    
Cause

Check Point Security Gateway supports up to 8 proposals in an IKEv2 SA payload.
The IKEv2 SA payload sent by the 3rd party VPN peer contains more than 8 proposals.
The relevant proposal is one of those that are not processed, so no common proposal is found.
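To confirm this cause from a packet capture of the peer's IKE_SA_INIT, the following added example (not Check Point code) parses the body of an IKEv2 SA payload per RFC 7296 section 3.3, counts the proposals, and reports whether the suite configured on the gateway appears only past the first 8. Assumptions: the gateway keeps the first 8 proposals in the order sent (inferred from the "prop 0" to "prop 7" debug lines), matching is simplified to one exact suite, and the function names and sample suites are constructed for illustration.

```python
import struct

MAX_PROPOSALS = 8  # limit stated in this article
# Constructed sample suites as (transform type, transform ID, key length):
WEAK = [(1, 3, 0), (2, 2, 0), (3, 2, 0), (4, 2, 0)]          # 3DES / SHA1 / DH group 2
STRONG = [(1, 12, 256), (2, 5, 0), (3, 12, 0), (4, 14, 0)]   # AES-CBC-256 / SHA2-256 / DH group 14

def build_sa(proposals):
    """Build a constructed SA payload body (no SPI, protocol ID 1 = IKE) for testing."""
    out = b""
    for n, transforms in enumerate(proposals, 1):
        body = b""
        for i, (ttype, tid, keylen) in enumerate(transforms):
            attr = struct.pack("!HH", 0x800E, keylen) if keylen else b""  # Key Length attribute
            more = 3 if i < len(transforms) - 1 else 0
            body += struct.pack("!BBHBBH", more, 0, 8 + len(attr), ttype, 0, tid) + attr
        more = 2 if n < len(proposals) else 0
        out += struct.pack("!BBHBBBB", more, 0, 8 + len(body), n, 1, 0, len(transforms)) + body
    return out

def parse_sa(sa_body):
    """Return [(proposal_num, {transform_type: {(id, keylen), ...}})] in wire order."""
    proposals, off, more = [], 0, 2
    while more and off + 8 <= len(sa_body):
        more, _, plen, num, _proto, spi_size, n_tr = struct.unpack_from("!BBHBBBB", sa_body, off)
        end = off + plen
        if plen < 8 + spi_size or end > len(sa_body):
            raise ValueError("bad proposal length at offset %d" % off)
        t_off, offered = off + 8 + spi_size, {}
        for _ in range(n_tr):
            if t_off + 8 > end:
                raise ValueError("truncated transform in proposal %d" % num)
            _, _, tlen, ttype, _, tid = struct.unpack_from("!BBHBBH", sa_body, t_off)
            if tlen < 8 or t_off + tlen > end:
                raise ValueError("bad transform length in proposal %d" % num)
            a_type, a_val = struct.unpack_from("!HH", sa_body, t_off + 8) if tlen >= 12 else (0, 0)
            offered.setdefault(ttype, set()).add((tid, a_val if a_type == 0x800E else 0))
            t_off += tlen
        proposals.append((num, offered))
        off = end
    return proposals

def triage(sa_body, local):
    """local is the gateway's suite in the same (type, id, keylen) form as the samples."""
    props = parse_sa(sa_body)
    hits = [idx for idx, (_, o) in enumerate(props)
            if len(o) == len(local) and all((i, k) in o.get(t, ()) for t, i, k in local)]
    return {"total": len(props), "ignored": max(0, len(props) - MAX_PROPOSALS),
            "matching_index": hits, "reachable": any(i < MAX_PROPOSALS for i in hits)}
```

The `matching_index` values are zero-based so they line up with the "prop N" numbers in the debug output; a result with `reachable` false and a non-empty `matching_index` corresponds to the failure described here.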


Solution