A packet quarantine device receives a data packet over a secure connection having a connection-specific set of security parameters such as an IPsec connection in a virtual private network (VPN) using security associations. The packet quarantine device tests the data packet and if the data packet fails to validate, the packet quarantine device saves the data packet to a storage area along with the set of security parameters used to transmit the data packet. The stored information of the failed packet along with the set of security parameters enables later analysis of the failed packet in order to determine the network condition that produced the failed data packet. The packet quarantine device also generates alerts in response to receiving data packets that fail to validate. The alerts include information obtained from packet analysis.