Support Center > Search Results > SecureKnowledge Details
Traffic is dropped 'by cphwd_offload_conn Reason: VPN and/or NAT traffic between accelerated and non-accelerated interfaces or between non-accelerated interfaces is not allowed'
Symptoms
  • Kernel debug shows (fw ctl zdebug -m fw + drop) that traffic is dropped:

    '... is dropped by cphwd_offload_conn Reason: VPN and/or NAT traffic between accelerated and non-accelerated interfaces or between non-accelerated interfaces is not allowed'
Cause

No fix is required; the system is functioning as designed.

SecureXL does not support Point-to-Point interfaces (PPP, PPTP, PPPoE). In case a PPP-interface is detected, SecureXL disables itself on that interface (hence the name 'non-accelerated interface').

Refer to the following note in any 'Performance Pack Administration Guide' (R65, R70, R71, R75, R75.20, R75.40, R75.40VS, R76R77):

Note: Performance Pack is automatically disabled on PPTP and PPPoE interfaces.

 

If a connection is detected, which flows through even one such non-accelerated interface, and this connection is NATed and/or sent over VPN, it will be dropped, because SecureXL is not able to handle it: because of NAT (Client Side or Server Side) and/or VPN, some connection parameters are not available - SecureXL is not able to determine how to pass such connection.


Solution
Note: To view this solution you need to Sign In .