<div>
I did not consider this a complete answer to my question.
</div>


I did not consider this a complete answer to my question.

<div>
<div class="content wysiwyg-content">
We upgraded to Sonicwall firmware 5.5.1.3 this past Sunday. &nbsp;Since then we have 5 out of 13 site-to-site tunnels that consistently generate &quot;Payload processing failed&quot; errors every 10 minutes. The tunnels are up and work fine but we are flooded with these alerts. &nbsp;Sonicwall has told me more alerts are to be expected with the new firmware. I have discovered that &quot;Dead Peer Detection&quot; in the Sonicall is generating these alerts. DPD is configured to check every 600 seconds. When DPD is disabled they stop. I cannot see the ISAKMP exchanges since they are encrypted. What I want to do is generate a packet capture in the Soncwall and then use Wireshark to see the ISAKMP exchanges when DPD occurs and try to see what differences exist between tunnels that alert and tunnels that do not. &nbsp;Wireshark asks for a &quot;pluto log file&quot; in the &quot;ISAKMP&quot; section. I am the firewall admin and know all details about the site-to-site tunnels, e.g. shared secrets, encyption used, etc. Can anyone tell me if it is possible to decrypt ISAKMP data in Wireshark so I can see the exchange when DPD occurs?<br />

</div>
</div>


We upgraded to Sonicwall firmware 5.5.1.3 this past Sunday.  Since then we have 5 out of 13 site-to-site tunnels that consistently generate "Payload processing failed" errors every 10 minutes. The tunnels are up and work fine but we are flooded with these alerts.  Sonicwall has told me more alerts are to be expected with the new firmware. I have discovered that "Dead Peer Detection" in the Sonicall is generating these alerts. DPD is configured to check every 600 seconds. When DPD is disabled they stop. I cannot see the ISAKMP exchanges since they are encrypted. What I want to do is generate a packet capture in the Soncwall and then use Wireshark to see the ISAKMP exchanges when DPD occurs and try to see what differences exist between tunnels that alert and tunnels that do not.  Wireshark asks for a "pluto log file" in the "ISAKMP" section. I am the firewall admin and know all details about the site-to-site tunnels, e.g. shared secrets, encyption used, etc. Can anyone tell me if it is possible to decrypt ISAKMP data in Wireshark so I can see the exchange when DPD occurs?


Need to Decrypt ISAKMP Traffic with Wireshark

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.