VPN Decryption Failed Alert

10/26/2022 154 People found this article helpful 497,159 Views

Description

The firewall displays the log "VPN Decryption Failed" in the Log Monitor or in the packet monitor.

Cause

This error could be related to an encrypted packet which has been fragmented and so the appliance is not able to decrypt it.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

NOTE: This error is most likely due to 3rd party connections (i.e. ISP connections) that are fragmenting IPSec packets.

On the SonicWall you will need to make sure the options "Enable Fragmented Packet Handling" is ticked and "Ignore DF Bit" is disabled to ensure the correct handling of those packets by the SonicWall. However, this is only a workaround that might help in garbled environments and does not always fix the issue. If the issue persists, the root cause should be investigated on the ISP or remote side of the VPN as the packets are arriving corrupted on the SonicWall.

You can find the options above under Network | IPSec VPN | Advanced:

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

NOTE: This error is most likely due to 3rd party connections (i.e. ISP connections) that are fragmenting IPSec packets.

On the SonicWall you will need to make sure the options "Enable Fragmented Packet Handling" is ticked and "Ignore DF Bit" is disabled to ensure the correct handling of those packets by the SonicWall. However, this is only a workaround that might help in garbled environments and does not always fix the issue. If the issue persists, the root cause should be investigated on the ISP or remote side of the VPN as the packets are arriving corrupted on the SonicWall.

You can find the options above under Manage | VPN | Advanced Settings:

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

NOTE: This error is most likely due to 3rd party connections (i.e. ISP connections) that are fragmenting IPSec packets.

On the SonicWall you will need to make sure the options "Enable Fragmented Packet Handling" is ticked and "Ignore DF Bit" is disabled to ensure the correct handling of those packets by the SonicWall. However, this is only a workaround that might help in garbled environments and does not always fix the issue. If the issue persists, the root cause should be investigated on the ISP or remote side of the VPN as the packets are arriving corrupted on the SonicWall.

You can find the options above under VPN | Advanced:

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

VPN Decryption Failed Alert

Description

Cause

Resolution

Resolution for SonicOS 7.X

Resolution for SonicOS 6.5

Resolution for SonicOS 6.2 and Below

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch