The information you are about to copy is INTERNAL! DO NOT share it with anyone outside Check Point.
Define your search:
Search entire support site
VPN traffic dropped with "dropped by vpn_ipsec_decrypt Reason: decryption failure: tunnel is accelerated but packet was not decrypted by SecureXL"
R80.20, R80.30, R80.40
Platform / Model
Tunnel is up, but site-to-site VPN traffic is dropped with "dropped by vpn_ipsec_decrypt Reason: decryption failure: tunnel is accelerated but packet was not decrypted by SecureXL;"
Turning off VPN acceleration with "vpn accel off" resolves the issue.
Output of "ip route get" of the destination address is using a link, on which the VPN is not terminated.
reply_from_same_IP is set to "true"
SecureXL kernel debug for interesting VPN traffic shows "localip error" print: [cpu_0];[SIM-206960861];vpn_decrypt: connection
localip error; [cpu_0];[SIM-206960861];sim_db_get_any_conn: conn
not found (vsid 0), ret -1;
External interface has an alias IP, and the relevant external IP is defined as alias IP.
Different interface for processing the VPN traffic than where the VPN is terminated.
Note: To view this solution you need to
Thanks for your feedback!
Are you sure you want to rate this
SECURE YOUR EVERYTHING
1994-2021 Check Point Software Technologies Ltd. All rights reserved.