This behavior is by design for IKEv2.
For IKEv1 this is a configurable value.
This behavior is by design. Check Point gateways always send the main IP of the gateway as the IKE ID.
Note: By default, IKEv2 uses the main IP as the ID, but since R80.10 it can be changed to FQDN/DN as well (important for Azure integration).
Some third-party VPN peers will not allow an IKE ID that is an IP address to differ from the IP address that the VPN terminates on.
See sk33822 - Site-to-Site VPN connection between Check Point VPN-1 and third-party gateways fails with (AUTHENTICATION-FAILED) error for a possible work-around when this is encountered.
This is a controllable feature within Check Point's SmartDashboard (since at least R74.46):
(Cluster object > IPSec VPN > Link Selection)
Selecting the 'Selected address from topology table:' or 'Statically NATed IP:' option will affect the IPv4 address used as the IKE ID in Main Mode Packet 5.
In R80.30, Check Point gateways no longer use the main IP of the gateway as the IKE ID. This is true when using IKEv2, and when link selection is configured to use an interface other than the main IP (which is the default).
Note: Using "DNS Resolving" or "Link probing" in "Link selection" with IKEv2 will result in the gateway using its main IP as the IKE ID.
Note: sk173048 describes a hotfix for an issue that was found in the new mechanism (for R80.30 and higher) and is supposed to make the behavior work, as stated here (sk44978).
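The strict-peer check described above (an IP-type IKE ID must equal the address the VPN terminates on) can be modeled as follows. This is an added example, not Check Point or third-party vendor code; the function names, the sample addresses and the choice to skip the comparison for non-IP ID types are assumptions made for illustration.

```python
import ipaddress

# ID type values that are identical in IKEv1 (RFC 2407) and IKEv2 (RFC 7296).
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN"}


def parse_id_body(body: bytes):
    """Decode an ID payload body (generic payload header already stripped).

    Layout: 1 byte ID type, 3 bytes protocol/port (IKEv1) or reserved (IKEv2),
    then the identification data.
    """
    if len(body) < 5:
        raise ValueError("ID payload body too short")
    id_type, data = body[0], body[4:]
    name = ID_TYPES.get(id_type, f"type-{id_type}")
    if id_type == 1:
        return name, str(ipaddress.IPv4Address(data))  # raises on bad length
    if id_type == 5:
        return name, str(ipaddress.IPv6Address(data))
    if id_type == 2:
        return name, data.decode("ascii")
    return name, data.hex()


def check_ike_id(body: bytes, tunnel_peer_ip: str) -> str:
    """Hypothetical strict peer: an IP-type IKE ID must equal the tunnel endpoint."""
    name, value = parse_id_body(body)
    if name not in ("ID_IPV4_ADDR", "ID_IPV6_ADDR"):
        return f"skip: {name} {value} is not compared with the tunnel address"
    if ipaddress.ip_address(value) == ipaddress.ip_address(tunnel_peer_ip):
        return f"accept: {name} {value} matches the tunnel address"
    return f"reject: {name} {value} differs from tunnel address {tunnel_peer_ip}"


# Constructed sample values (documentation address ranges, not from the page).
MAIN_IP_ID = bytes([1, 0, 0, 0]) + ipaddress.IPv4Address("192.0.2.10").packed
FQDN_ID = bytes([2, 0, 0, 0]) + b"gw.example.com"
TUNNEL_IP = "198.51.100.20"  # external interface the VPN terminates on

if __name__ == "__main__":
    print(check_ike_id(MAIN_IP_ID, TUNNEL_IP))  # main IP sent as ID
    print(check_ike_id(FQDN_ID, TUNNEL_IP))     # FQDN sent as ID
    link_selected = bytes([1, 0, 0, 0]) + ipaddress.IPv4Address(TUNNEL_IP).packed
    print(check_ike_id(link_selected, TUNNEL_IP))  # ID follows Link Selection
```

The first case corresponds to the gateway sending its main IP while the tunnel terminates on a different interface; the third corresponds to the ID following the address chosen in Link Selection.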