When the VPN peer is initiating IKE negotiation with Security Gateway, and is sending another Diffie-Hellman group then what is configured in the VPN community, the Security Gateway accepts it, and later the VPN traffic is dropped.
Packets are dropped on proposal unmatched, although the VPN tunnel is established.
Cause
Configuration mismatch - Perfect Forward Secrecy was configured on the Security Gateway, but not on the VPN peer.
