Support Center > Search Results > SecureKnowledge Details
Route Based VPN (VTI) fails due to: "Wrong peer gateway for decrypted packet (VPN Error code 01)" Technical Level
Symptoms
  • Route Based Site to Site VPN (VTI) traffic is being dropped for:
    "Wrong peer gateway for decrypted packet (VPN Error code 01)".
Cause

The destination address/network behind the peer's VTI interface also exists in the encryption domain of one of the other gateways in the environment.

Since the VPN peer is using VTI, its encryption domain is an "empty group".  Hence, the command vpn overlap_encdom does not find the conflicting overlapping domains.


Solution
Note: To view this solution you need to Sign In .