
hope somebody can help me, I am trying to set up a VPN between Google Cloud VPN and Palo Alto. Any help will be appreciated. Here is my log:

D  remote host is behind NAT 
D  authentication of '35.xxx.xxx.xxx' (myself) with pre-shared key 
I  establishing CHILD_SA vpn_103.xxx.xxx.xxx 
D  generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ONLY) ] 
D  sending packet: from 35.xxx.xxx.xxx[4500] to 103.xxx.xxx.xxx[4500] (416 bytes) 
D  received packet: from 103.xxx.xxx.xxx[4500] to 35.xxx.xxx.xxx[4500] (80 bytes) 
D  parsed IKE_AUTH response 1 [ N(NO_PROP) ] 
D  IDr payload missing 
D  generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ] 
D  sending packet: from 35.xxx.xxx.xxx[4500] to 103.xxx.xxx.xxx[4500] (80 bytes) 
D  creating acquire job for policy with reqid {1} 
I  initiating IKE_SA vpn_103.xxx.xxx.xxx[159] to 103.xxx.xxx.xxx 
D  generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ] 
D  sending packet: from 35.xxx.xxx.xxx[500] to 103.xxx.xxx.xxx[500] (892 bytes) 
D  received packet: from 103.xxx.xxx.xxx[500] to 35.xxx.xxx.xxx[500] (38 bytes) 
D  parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ] 
D  peer didn't accept DH group MODP_2048, it requested MODP_1024 
I  initiating IKE_SA vpn_103.xxx.xxx.xxx[159] to 103.xxx.xxx.xxx 
D  generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) ] 
D  sending packet: from 35.xxx.xxx.xxx[500] to 103.xxx.xxx.xxx[500] (764 bytes) 
D  received packet: from 103.xxx.xxx.xxx[500] to 35.xxx.xxx.xxx[500] (304 bytes) 
D  parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] 
D  remote host is behind NAT 

I noticed error: "peer didn't accept DH group MODP_2048, it requested MODP_1024"

My peer device (Palo Alto) has Group 2 (MODP_1024). My question is: how do I set the DH group in GCP to Group 2 (MODP_1024)?

dabima
  • Unless the (weak) modp1024 DH group is disabled somehow (which should result in a different error message), that's not really an error, it just means there will be a retry with that group. The peers should still be able to establish the SA, so check what happens after these log messages. – ecdsa May 02 '19 at 14:50
  • So, what should I do now? Just wait? Now my VPN tunnel status is "First handshake". Does it really need this long to establish a VPN connection? – dabima May 03 '19 at 08:40
  • As I said, read the log. I doubt what you posted is complete; there must be more messages following. – ecdsa May 03 '19 at 09:13
  • Finally I established the connection. Thanks @ecdsa – dabima May 06 '19 at 06:09
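As an added example (not code from the question or the comments), a small Python triage script that reads strongSwan-style log lines like the ones quoted above, classifies the notify payloads that matter here (INVAL_KE, NO_PROP, AUTH_FAILED) and flags a DH-group retry that lands on a weak group, which is the point ecdsa makes: INVAL_KE is a retry, not a failure. The sample lines are constructed from the question's log; the severity levels and the weak-group list are assumptions.

```python
import re

# Constructed sample, modelled on the strongSwan-style lines quoted in the question
SAMPLE_LOG = """\
D  parsed IKE_AUTH response 1 [ N(NO_PROP) ]
D  generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
D  parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
D  peer didn't accept DH group MODP_2048, it requested MODP_1024
D  parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
"""

# Short strongSwan notify names -> (assumed severity, what a defender should read into them)
NOTIFY_MEANING = {
    "INVAL_KE": ("info", "INVALID_KE_PAYLOAD: peer wants another DH group; initiator retries, not fatal"),
    "NO_PROP": ("error", "NO_PROPOSAL_CHOSEN: peer rejected every proposal in this exchange"),
    "AUTH_FAILED": ("error", "AUTHENTICATION_FAILED: this IKE_SA attempt was abandoned"),
}
# Assumption: MODP groups below 2048 bits are flagged as weak (the comment above calls modp1024 weak)
WEAK_DH = {"MODP_768", "MODP_1024", "MODP_1536"}

EXCHANGE_RE = re.compile(r"(?:generating|parsed) (\w+) (?:request|response) \d+ \[(.*?)\]")
NOTIFY_RE = re.compile(r"N\((\w+)\)")
DH_RE = re.compile(r"peer didn't accept DH group (\w+), it requested (\w+)")

def analyze(log: str) -> list[dict]:
    """Return one finding per notify of interest, plus one per DH-group renegotiation."""
    findings = []
    for line in log.splitlines():
        m = EXCHANGE_RE.search(line)
        if m:
            exchange, payloads = m.groups()
            for notify in NOTIFY_RE.findall(payloads):
                if notify in NOTIFY_MEANING:
                    sev, note = NOTIFY_MEANING[notify]
                    if notify == "NO_PROP" and exchange == "IKE_AUTH":
                        note += " (in IKE_AUTH this is the CHILD_SA/IPsec proposal, not the IKE proposal)"
                    findings.append({"exchange": exchange, "notify": notify, "severity": sev, "note": note})
            continue
        m = DH_RE.search(line)
        if m:
            proposed, requested = m.groups()
            sev = "warning" if requested in WEAK_DH else "info"
            note = f"retrying with {requested} instead of {proposed}" + (" (weak group)" if sev == "warning" else "")
            findings.append({"exchange": "IKE_SA_INIT", "notify": "DH_RETRY", "severity": sev, "note": note})
    return findings

def worst_severity(findings: list[dict]) -> str:
    """Overall verdict for a log excerpt: the highest severity among its findings ('info' if none)."""
    order = {"info": 0, "warning": 1, "error": 2}
    return max((f["severity"] for f in findings), key=order.get, default="info")

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['severity']:7} {f['exchange']:12} {f['notify']:12} {f['note']}")
```

On the question's own excerpt the DH retry is only a warning (weak group), while the NO_PROP in the earlier IKE_AUTH response is what actually tore the attempt down, so that is the line to chase in the fuller log.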