diff --git a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
index 56934e91981..7c367a3737f 100644
--- a/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
+++ b/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
@@ -110,10 +110,10 @@ public class Site2SiteVpnManagerImpl implements Site2SiteVpnService, Manager {
         String ikePolicy = cmd.getIkePolicy();
         String espPolicy = cmd.getEspPolicy();
         if (!NetUtils.isValidS2SVpnPolicy(ikePolicy)) {
-            throw new InvalidParameterValueException("The customer gateway IKE policy" + ikePolicy + " is invalid!");
+            throw new InvalidParameterValueException("The customer gateway IKE policy " + ikePolicy + " is invalid!");
         }
         if (!NetUtils.isValidS2SVpnPolicy(espPolicy)) {
-            throw new InvalidParameterValueException("The customer gateway ESP policy" + espPolicy + " is invalid!");
+            throw new InvalidParameterValueException("The customer gateway ESP policy " + espPolicy + " is invalid!");
         }
         Long lifetime = cmd.getLifetime();
         if (lifetime == null) {
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java
index 070362dc57a..0dfeee7cf41 100755
--- a/utils/src/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/com/cloud/utils/net/NetUtils.java
@@ -1082,7 +1082,7 @@ public class NetUtils {
             if (!hash.matches("md5|sha1")) {
                 return false;
             }
-            if (pfsGroup != null && !pfsGroup.matches("modp768|modp1024|modp2048")) {
+            if (pfsGroup != null && !pfsGroup.matches("modp1024|modp1536")) {
                 return false;
             }
         }
diff --git a/utils/test/com/cloud/utils/net/NetUtilsTest.java b/utils/test/com/cloud/utils/net/NetUtilsTest.java
index 3242793479b..e73e08f4ef6 100644
--- a/utils/test/com/cloud/utils/net/NetUtilsTest.java
+++ b/utils/test/com/cloud/utils/net/NetUtilsTest.java
@@ -51,14 +51,14 @@ public class NetUtilsTest extends TestCase {
     
     public void testVpnPolicy() {
         assertTrue(NetUtils.isValidS2SVpnPolicy("aes-sha1"));
-        assertTrue(NetUtils.isValidS2SVpnPolicy("des-md5;modp768"));
-        assertTrue(NetUtils.isValidS2SVpnPolicy("des-md5;modp768,aes-sha1;modp2048"));
-        assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1;modp2048"));
+        assertTrue(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024"));
+        assertTrue(NetUtils.isValidS2SVpnPolicy("des-md5;modp1024,aes-sha1;modp1536"));
+        assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1;modp1536"));
         assertTrue(NetUtils.isValidS2SVpnPolicy("3des-sha1,aes-sha1"));
         assertFalse(NetUtils.isValidS2SVpnPolicy("abc-123,ase-sha1"));
         assertFalse(NetUtils.isValidS2SVpnPolicy("de-sh,aes-sha1"));
         assertFalse(NetUtils.isValidS2SVpnPolicy(""));
-        assertFalse(NetUtils.isValidS2SVpnPolicy(";modp2048"));
-        assertFalse(NetUtils.isValidS2SVpnPolicy(",aes;modp2048,,,"));
+        assertFalse(NetUtils.isValidS2SVpnPolicy(";modp1536"));
+        assertFalse(NetUtils.isValidS2SVpnPolicy(",aes;modp1536,,,"));
     }
 }