iked Exchange Failed - Reason=Matching gateway endpoint not found.

I've come across a diagnostics message in the Traffic Monitor and haven't had much luck identifying the source/cause of it. I believe it has to do with a BOVPN configuration, but I'm having difficulties identifying what configuration is causing it.

The following diagnostic message is spamming the traffic monitor and if possible, I would like to stop it. Could someone point me in the right direction?

2020-05-02 11:35:46 iked (SITE.IP<->REMOTE.IP)IKEv2 IKE_SA_INIT exchange from REMOTE.IP:500 to SITE.IP:500 failed. Reason=Matching gateway endpoint not found.

Answers

  • Is the remote IP addr one to which you have a BOVPN?
    If not, it could be that the remote IP addr is trying to create an IPSec connection to your firewall.
    If this is the case, the only way to stop these connection attempts is to
    1) unselect "Enable built-in IPSec policy"
    2) add an IPSec packet filter From: Any To: Firebox
    3) add an Any packet filter, From: the REMOTE.IP To: any-external
    Make sure that this policy is above the IPSec policy - use manual order mode
    On Logging on this policy - unselect "Send a log message" to not see denies for packets from REMOTE.IP

  • The remote IP is a BOVPN (Virtual Interface), which appears to be configured properly and is active, transmitting data without issue. Given this, I'm confused as to why it's stating it can't find the endpoint gateway. And just to verify, the endpoint gateway is the local SITE.IP gateway as configured, right?

  • Consider opening a support incident to get help from a WG rep in understanding the cause of these log messages.
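The first answer's opening question (is the remote address one you actually have a BOVPN gateway for?) is easy to answer at scale by parsing the iked lines out of a Traffic Monitor export and tallying them per remote peer. The script below is an added example, not code from the thread or from WatchGuard; the log lines are constructed to match the format quoted in the question (with placeholder documentation addresses), and the set of configured peer addresses is an assumption you would replace with the remote gateway endpoints from your own BOVPN gateway or virtual-interface settings.

```python
import re
from collections import Counter

# Constructed sample Traffic Monitor lines in the format quoted in the question.
# Addresses are RFC 5737 documentation placeholders, not real peers.
SAMPLE_LOG = """\
2020-05-02 11:35:46 iked (203.0.113.10<->198.51.100.20)IKEv2 IKE_SA_INIT exchange from 198.51.100.20:500 to 203.0.113.10:500 failed. Reason=Matching gateway endpoint not found.
2020-05-02 11:35:52 iked (203.0.113.10<->198.51.100.20)IKEv2 IKE_SA_INIT exchange from 198.51.100.20:500 to 203.0.113.10:500 failed. Reason=Matching gateway endpoint not found.
2020-05-02 11:36:01 iked (203.0.113.10<->192.0.2.77)IKEv2 IKE_SA_INIT exchange from 192.0.2.77:500 to 203.0.113.10:500 failed. Reason=Matching gateway endpoint not found.
2020-05-02 11:36:05 iked (203.0.113.10<->198.51.100.20)IKEv2 IKE_AUTH exchange from 198.51.100.20:4500 to 203.0.113.10:4500 ok.
"""

# Assumed: the remote gateway endpoints you have configured as BOVPN peers.
CONFIGURED_PEERS = {"198.51.100.20"}

# Matches only the "failed." form of the iked exchange message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) iked "
    r"\((?P<local>[\d.]+)<->(?P<remote>[\d.]+)\)"
    r"(?P<version>IKEv[12]) (?P<exchange>\S+) exchange from "
    r"(?P<src>[\d.]+):(?P<sport>\d+) to (?P<dst>[\d.]+):(?P<dport>\d+) failed\. "
    r"Reason=(?P<reason>.+)$"
)


def parse_failures(text):
    """Return one dict per failed-exchange line; non-matching lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def summarize(text, configured_peers,
              reason="Matching gateway endpoint not found."):
    """Count failures with the given reason per remote peer and flag whether
    that peer is a configured BOVPN endpoint or an unknown initiator."""
    counts = Counter()
    for rec in parse_failures(text):
        if rec["reason"] == reason:
            counts[rec["remote"]] += 1
    return {
        peer: {"count": n, "configured": peer in configured_peers}
        for peer, n in counts.items()
    }


if __name__ == "__main__":
    for peer, info in sorted(summarize(SAMPLE_LOG, CONFIGURED_PEERS).items()):
        status = "configured BOVPN peer" if info["configured"] else "NOT a configured peer"
        print(f"{peer}: {info['count']} failure(s) - {status}")
```

A peer that shows up as "NOT a configured peer" is the case the first answer describes (an outside host attempting IPSec against the firewall), which the packet-filter steps above address; a peer that is configured but still fails IKE_SA_INIT points at a gateway endpoint mismatch on one side of the tunnel, which is the situation the second reply describes and a reason to open a support case.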
