CheckPoint VPN – Wrong value for: Group Description

While debugging a VPN you an error in the log, that says:

IKE Main Mode Failed to match proposal: Transform 3DES / AES, SHA1 / MD5, Pre-shared secret, Group 1 (1024 bit)

This error means that you have a mismatch in Phase 1 settings on the other side of the VPN.
“Group Description” should not confuse you – mismatch is not necessarily in Diffie–Hellman group value.

If you have access to the remote device, check the settings yourself, or contact its maintainer.

Leave a Reply

Your email address will not be published.