The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Security Gateway accepts another Diffie-Hellman group then what is configured
Solution ID
sk122438
Product
IPSec VPN
Version
R77.20, R77.30, R80.10, R80.20, R80.30
Date Created
18-Jan-2018
Last Modified
02-Oct-2019
Show more details
Show less details
Symptoms
When the VPN peer is initiating IKE negotiation with Security Gateway, and is sending another Diffie-Hellman group then what is configured in the VPN community, the Security Gateway accepts it, and later the VPN traffic is dropped.
Cause
Configuration mismatch - Perfect Forward Secrecy was configured on the Security Gateway, but not on the VPN peer.
