VPN Decryption Failed Alert

The firewall displays the log "VPN Decryption Failed" in the Log Monitor or in the packet monitor.

This error could be related to an encrypted packet which has been fragmented and so the appliance is not able to decrypt it.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

 NOTE: This error is most likely due to 3rd party connections (i.e. ISP connections) that are fragmenting IPSec packets.

On the SonicWall you will need to make sure the options "Enable Fragmented Packet Handling" is ticked and "Ignore DF Bit" is disabled to ensure the correct handling of those packets by the SonicWall. However, this is only a workaround that might help in garbled environments and does not always fix the issue. If the issue persists, the root cause should be investigated on the ISP or remote side of the VPN as the packets are arriving corrupted on the SonicWall.

You can find the options above under Network | IPSec VPN | Advanced:

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

NOTE: This error is most likely due to 3rd party connections (i.e. ISP connections) that are fragmenting IPSec packets.

On the SonicWall you will need to make sure the options "Enable Fragmented Packet Handling" is ticked and "Ignore DF Bit" is disabled to ensure the correct handling of those packets by the SonicWall. However, this is only a workaround that might help in garbled environments and does not always fix the issue. If the issue persists, the root cause should be investigated on the ISP or remote side of the VPN as the packets are arriving corrupted on the SonicWall.

You can find the options above under Manage | VPN | Advanced Settings:

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

 NOTE: This error is most likely due to 3rd party connections (i.e. ISP connections) that are fragmenting IPSec packets.

On the SonicWall you will need to make sure the options "Enable Fragmented Packet Handling" is ticked and "Ignore DF Bit" is disabled to ensure the correct handling of those packets by the SonicWall. However, this is only a workaround that might help in garbled environments and does not always fix the issue. If the issue persists, the root cause should be investigated on the ISP or remote side of the VPN as the packets are arriving corrupted on the SonicWall.

You can find the options above under VPN | Advanced: