Packets dropped in Site to Site VPN tunnel with "Failed to resolve VPN MEP gateway" error message
Symptoms
  • Packets are dropped in a Site to Site VPN tunnel with two Multiple Entry Point central Security Gateways. The VPN community includes at least one third-party peer with a fully overlapping encryption domain.
  • This error message appears in logs: "Failed to resolve VPN MEP gateway".
  • The $FWDIR/log/ikev2.xmll output file shows many Authentication Exchange failures with "Authentication Failed" messages.
Cause

When the Security Gateway sends dead peer detection (DPD) messages for Multiple Entry Point (MEP) resolution, it uses public IP addresses as Traffic Selectors instead of using Universal Traffic Selectors.
If the Security Gateway sends DPD messages every 10 seconds, the problem may be related to DPD exchanges that were initiated for MEP resolution.

The error notification is caused by one of these problems:

  • Wrong ID payload IP address
  • Wrong Traffic Selectors
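
An added example, not taken from the Check Point article: a simplified model of how an IKEv2 responder narrows proposed Traffic Selectors against its own policy (RFC 7296, section 2.9), showing why host-only public-IP selectors can be rejected where Universal Traffic Selectors would be accepted and narrowed. The addresses, the peer's policy and the function names are constructed assumptions, and a real third-party peer may apply further checks.

```python
import ipaddress

UNIVERSAL = "0.0.0.0-255.255.255.255"  # Universal Traffic Selector

def to_range(spec):
    """Parse 'a-b', CIDR, or a single host into (first, last) integers."""
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in spec.split("-"))
    else:
        net = ipaddress.IPv4Network(spec, strict=False)
        lo, hi = int(net.network_address), int(net.broadcast_address)
    if lo > hi:
        raise ValueError(f"inverted range: {spec}")
    return lo, hi

def fmt(r):
    return f"{ipaddress.IPv4Address(r[0])}-{ipaddress.IPv4Address(r[1])}"

def narrow(proposed, policy):
    """Intersect each proposed selector with each policy selector."""
    out = []
    for p in proposed:
        for q in policy:
            (a, b), (c, d) = to_range(p), to_range(q)
            lo, hi = max(a, c), min(b, d)
            if lo <= hi and fmt((lo, hi)) not in out:
                out.append(fmt((lo, hi)))
    return out

def evaluate(tsi, tsr, policy_remote, policy_local):
    """Responder view: TSi is checked against the networks it expects behind
    the initiator, TSr against the networks it protects itself."""
    tsi_n, tsr_n = narrow(tsi, policy_remote), narrow(tsr, policy_local)
    if not tsi_n or not tsr_n:
        return "TS_UNACCEPTABLE", [], []
    return "ACCEPT", tsi_n, tsr_n

# Constructed sample data (documentation and private ranges, not from the article).
GW_PUBLIC, PEER_PUBLIC = "203.0.113.10", "198.51.100.20"
PEER_REMOTE, PEER_LOCAL = ["10.10.0.0/16"], ["10.20.0.0/16"]

if __name__ == "__main__":
    print(evaluate([GW_PUBLIC], [PEER_PUBLIC], PEER_REMOTE, PEER_LOCAL))
    print(evaluate([UNIVERSAL], [UNIVERSAL], PEER_REMOTE, PEER_LOCAL))
```

In this model the public-IP proposal has no overlap with the peer's configured subnets, while the universal proposal is narrowed to those subnets and accepted.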

