VPN: The log shows "payload processing failed" error message

Description

The log message "Payload processing failed" indicates a mismatch of proposals during phase 1 or phase 2 negotiation of a site-to-site VPN. The logs received just before this error message on the responder SonicWall clearly display the exact problem.

Logs on Responder


Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.


Ensure that the proposals are identical on both the VPN policies.

  1. Navigate to NETWORK | IPSec VPN | Rules and Settings, then click the configure icon next to the appropriate VPN SA name.
  2. On the Proposals tab, make sure the IKE (Phase 1) Proposal and IPsec (Phase 2) Proposal are identical to those on the remote firewall. Make sure the Perfect Forward Secrecy settings match on the local and remote firewall.

     NOTE: In a manual key configuration, the incoming SPI for the main site is the outgoing SPI for the remote site and vice versa.


Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


Ensure that the proposals are identical on both the VPN policies.

  1. Click VPN, then click the configure icon next to the appropriate VPN SA name.
  2. On the Proposals tab, make sure the IKE (Phase 1) Proposal and IPsec (Phase 2) Proposal are identical to those on the remote firewall. Make sure the Perfect Forward Secrecy settings match on the local and remote firewall.

     NOTE: In a manual key configuration, the incoming SPI for the main site is the outgoing SPI for the remote site and vice versa.
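
The comparison in step 2 and the SPI rule in the NOTE apply to either firmware version and can be checked offline with values copied by hand from both Proposals tabs. The following is an added example, not SonicWall code; the dictionary keys, the helper names and the sample values are assumptions made for illustration and do not correspond to a SonicOS export format.

```python
import re

def _norm(value):
    """Normalize so 'Group 14', 'group-14' and 'group14' compare equal."""
    if value is None:
        return None
    return re.sub(r"[\s_-]+", "", str(value)).lower()

def compare_proposals(local, remote):
    """Return readable mismatches between two hand-entered VPN policies."""
    problems = []
    for phase in ("phase1", "phase2"):
        a, b = local.get(phase, {}), remote.get(phase, {})
        # Union of keys: a field set on only one side is also a mismatch.
        for field in sorted(set(a) | set(b)):
            if _norm(a.get(field)) != _norm(b.get(field)):
                problems.append(
                    f"{phase}.{field}: local={a.get(field)!r} remote={b.get(field)!r}")
    # Manual key only: each side's incoming SPI must be the peer's outgoing SPI.
    ls, rs = local.get("manual_key_spi"), remote.get("manual_key_spi")
    if ls or rs:
        ls, rs = ls or {}, rs or {}
        for mine, theirs in (("incoming", "outgoing"), ("outgoing", "incoming")):
            if _norm(ls.get(mine)) != _norm(rs.get(theirs)):
                problems.append(f"spi: local {mine}={ls.get(mine)!r} "
                                f"but remote {theirs}={rs.get(theirs)!r}")
    return problems

# Constructed sample values (hypothetical field names), one dict per firewall.
LOCAL = {
    "phase1": {"exchange": "Main Mode", "dh_group": "Group 14",
               "encryption": "AES-256", "authentication": "SHA256",
               "lifetime_s": 28800},
    "phase2": {"protocol": "ESP", "encryption": "AES-256",
               "authentication": "SHA256", "pfs": True,
               "pfs_dh_group": "Group 14", "lifetime_s": 28800},
}
REMOTE = {
    "phase1": {"exchange": "main mode", "dh_group": "group14",
               "encryption": "AES-256", "authentication": "SHA256",
               "lifetime_s": 28800},
    "phase2": {"protocol": "ESP", "encryption": "AES-128",
               "authentication": "SHA256", "pfs": False,
               "lifetime_s": 28800},
}

if __name__ == "__main__":
    for line in compare_proposals(LOCAL, REMOTE):
        print("MISMATCH", line)
```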
