Packets dropped in Site to Site VPN tunnel with "Failed to resolve VPN MEP gateway" error message
  • Packets are dropped in a Site to Site VPN tunnel with two Multiple Entry Point central Security Gateways. The VPN community includes at least one third-party peer with a fully overlapping encryption domain.
  • This error message appears in logs: "Failed to resolve VPN MEP gateway".
  • The $FWDIR/log/ikev2.xmll output file shows many Authentication Exchange failures with "Authentication Failed" messages.

When the Security Gateway sends dead peer detection (DPD) messages for Multiple Entry Point resolution, it uses public IP addresses as Traffic Selectors instead of using Universal Traffic Selectors.
If the Security Gateway sends DPD messages every 10 seconds, the problem may be related to dead peer detection exchanges that were initiated for Multiple Entry Point resolution.

The error notification is caused by one of these problems:

  • Wrong ID payload IP address
  • Wrong Traffic Selectors
