[VMC on AWS] "IPsec Negotiation not started" error while trying to set up Policy Based VPN.
Article ID: 313614
Updated On: 10-13-2023
Products
VMware Cloud on AWS
Issue/Introduction
This article explains how to investigate why a Policy-based VPN setup fails with the error "IPsec Negotiation not started".
Symptoms: While setting up a Policy-Based VPN and connecting it to on-premises devices, two error messages, "IPsec Negotiation not started" and "TS_unacceptable", are seen. Note: IKE Status is Up.
Cause
IPsec works in 2 phases: Phase 1 and Phase 2. If the IKE Status is Up, phase 1 is configured correctly and the issue is with the IPsec negotiation.
Resolution
This error is caused by a misconfiguration in phase 2. Verify that the configurations match by referring to Configure Policy based VPN. If the VPN still fails to come up, create a new VPN from scratch.
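One way to carry out the "verify that the configurations match" step offline, as an added example that is not VMware's code: it compares the phase 2 settings of both ends and checks that the traffic selectors (local and remote networks) mirror each other, since "TS_unacceptable" is the IKEv2 notification for traffic selectors the peer will not accept. The field names and sample values are hypothetical and constructed, and it assumes the peer requires an exact mirror match rather than accepting narrowed selectors.

```python
import ipaddress

# Hypothetical field names for the phase 2 settings copied from each end.
PHASE2_FIELDS = ("esp_encryption", "esp_digest", "pfs", "dh_group")

def _nets(cidrs):
    """Normalize CIDR strings (host bits tolerated) into a set of networks."""
    return {ipaddress.ip_network(c, strict=False) for c in cidrs}

def compare_phase2(sddc, onprem):
    """Return a list of phase 2 mismatches between the two ends (empty if none)."""
    problems = []
    for field in PHASE2_FIELDS:
        if sddc[field] != onprem[field]:
            problems.append(f"{field}: SDDC={sddc[field]!r} on-prem={onprem[field]!r}")
    # Assumption: selectors must mirror exactly. What one end lists as local,
    # the other end must list as remote, prefix for prefix.
    for mine, theirs, label in (
        ("local_networks", "remote_networks", "SDDC local vs on-prem remote"),
        ("remote_networks", "local_networks", "SDDC remote vs on-prem local"),
    ):
        a, b = _nets(sddc[mine]), _nets(onprem[theirs])
        if a != b:
            only_a = sorted(map(str, a - b))
            only_b = sorted(map(str, b - a))
            problems.append(f"traffic selectors ({label}): "
                            f"only on SDDC {only_a}, only on on-prem {only_b}")
    return problems

# Constructed sample data, not taken from any real SDDC or on-prem device.
SDDC = {
    "esp_encryption": "AES-256", "esp_digest": "SHA-2", "pfs": True, "dh_group": 14,
    "local_networks": ["10.2.0.0/16"], "remote_networks": ["192.168.10.0/24"],
}
ONPREM = {
    "esp_encryption": "AES-256", "esp_digest": "SHA-2", "pfs": True, "dh_group": 14,
    # Wider than the /24 the SDDC side lists as remote: selector mismatch.
    "local_networks": ["192.168.0.0/16"], "remote_networks": ["10.2.0.0/16"],
}

if __name__ == "__main__":
    for line in compare_phase2(SDDC, ONPREM) or ["phase 2 settings match"]:
        print(line)
```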
Workaround:
Configure a VPN to provide a secure connection to the SDDC over the public Internet or AWS Direct Connect. Click here for details. To configure: