Sonicwall TZ210 DH group reverts from 2 to 1

What is the client using to connect to the SonicWall VPN?

Do you have "Enable Perfect Forward Secrecy" enabled?

Hi penguins_rule,

Upgrade the firmware and retest.

Client has a Cisco ASA 5505
Enable Perfect Forward Secrecy is not enabled
Current firmware version is SonicOS Enhanced 5.5.1.0-5o

It's not convenient to upgrade the firmware unless it is really necessary.

Are you using Certificates or a preshared secret for IKE Policy?

Do you know what version ASA release client is running?

In general, I think you have an IKEv2 policy that is falling back to IKEv1 due to an IKEv2 incompatible device...

The connection works fine for several weeks at a time.
Then the DH Group reverts back to 1 on the Sonicwall. The client using the Cisco ASA 5500 cannot connect until the Sonicwall is changed back to DH group 2

Using IKE preshared key
ASA release client is not readily attainable

thanks for your help. I will schedule an upgrade to the firmware. it may take a few weeks, i will post how it goes.

No problem...we'll be here for you!

upgraded the firmware to the current version. On the reboot with current firmware, the DH group was changed from 2 to 1. I will have to wait and see if it changes again.

That is nothing to worry about on the onset. Sometimes for compatibility reasons settings slightly change especially when going from deprecated firmware versions to new core releases.

I'd change it all to DH2 and then restart the SonicWALL. Everything should be OK thereafter.

Let me know how it goes!