Support Center > Search Results > SecureKnowledge Details
VPN Traffic drops due to decryption error "Tunnel is accelerated but packet was not decrypted by SecureXL" Technical Level
Symptoms
  • VPN traffic over a PPPoE interface is not working when SecureXL is enabled.
    Running kernel debug (# fw ctl zdebug + drop) will show the following drop:
    dropped by vpn_ipsec_decrypt Reason: decryption failure: tunnel is accelerated but packet was not decrypted by SecureXL
Cause

SecureXL does not support Point-to-Point interfaces (PPP, PPTP, PPPoE). If a PPP-interface is detected, SecureXL disables itself on that interface (hence the name 'non-accelerated interface').

SecureXL cannot be 'disabled' in R80.20 and above, as in previous versions. 


Solution
Note: To view this solution you need to Sign In .