Site to Site VPN going down frequently with error "encryption failure: According to the policy the packet should not have been decrypted."
Symptoms
  • Packet Drops in SmartView Tracker: "encryption failure: According to the policy the packet should not have been decrypted."
  • Third-party firewall (Dell Sonic) shows the following errors:
    Received notify: ISAKMP_AUTH_FAILED
    Received unencrypted packet in crypto active state
Cause

Site-to-Site VPN Troubleshooting on SonicWALL Security Appliances Tech Note (p.15) states:

Received notify: ISAKMP_AUTH_FAILED = Responder is reporting that preshared key is mismatched. Check settings on both peers.

There are other Check Point Firewall or Interoperable (Non-Check Point Firewall) objects with the same external IP address and encryption domain as the peer. Packets from the peer firewall are accepted, decrypted, and then dropped because the Check Point Firewall receiving the traffic cannot determine which firewall sent the packet.
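The following check is an added example, not Check Point tooling or code from this article: it scans a gateway inventory for objects that share an external IP address and have the same or overlapping encryption domain, which is the condition described above. The inventory format, object names and addresses are constructed for illustration, and flagging overlapping (not only identical) domains is an assumption that goes slightly beyond the article's wording.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample inventory (hypothetical names, documentation-range IPs).
# In practice this would be built from your own export of gateway objects.
GATEWAYS = [
    {"name": "branch-sonicwall", "external_ip": "203.0.113.10",
     "encryption_domain": ["10.20.0.0/16"]},
    {"name": "branch-old", "external_ip": "203.0.113.10",
     "encryption_domain": ["10.20.30.0/24", "10.99.0.0/24"]},
    {"name": "hq-gw", "external_ip": "198.51.100.1",
     "encryption_domain": ["10.1.0.0/16"]},
    {"name": "partner-gw", "external_ip": "203.0.113.77",
     "encryption_domain": ["10.20.0.0/16"]},
]


def overlapping_networks(domain_a, domain_b):
    """Return sorted (net_a, net_b) pairs that are identical or overlap."""
    nets_a = [ipaddress.ip_network(n) for n in domain_a]
    nets_b = [ipaddress.ip_network(n) for n in domain_b]
    return sorted((str(a), str(b)) for a in nets_a for b in nets_b
                  if a.overlaps(b))


def find_conflicts(gateways):
    """Find object pairs with the same external IP and overlapping domains."""
    by_ip = defaultdict(list)
    for gw in gateways:
        # Normalise the address so textual variants compare equal.
        by_ip[ipaddress.ip_address(gw["external_ip"])].append(gw)

    conflicts = []
    for ip, group in by_ip.items():
        for a, b in combinations(group, 2):
            overlap = overlapping_networks(a["encryption_domain"],
                                           b["encryption_domain"])
            if overlap:
                conflicts.append({"external_ip": str(ip),
                                  "objects": (a["name"], b["name"]),
                                  "overlap": overlap})
    return conflicts


if __name__ == "__main__":
    for c in find_conflicts(GATEWAYS):
        print(f"{c['external_ip']}: {c['objects'][0]} and {c['objects'][1]} "
              f"overlap on {c['overlap']}")
```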

