[VMC on AWS] "IPsec Negotiation not started" error while trying to set up Policy Based VPN.

Article ID: 313614

Products

VMware Cloud on AWS

Issue/Introduction

This article explains why a Policy-Based VPN setup fails with the error "IPsec Negotiation not started".

Symptoms:
While setting up a Policy-Based VPN and connecting it to on-premises devices, two error messages are seen: "IPsec Negotiation not started" and "TS_unacceptable".
Note: IKE Status is Up.

Cause

IPsec works in two phases: Phase 1 and Phase 2.
If the IKE Status is Up, Phase 1 is configured correctly and the problem lies in the IPsec negotiation (Phase 2).

Resolution

This error is caused by a misconfiguration in Phase 2. Verify that the configurations match by referring to the Configure Policy based VPN documentation. If the VPN still fails to come up, create a new VPN from scratch.
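One way to check that the Phase 2 settings match on both peers, as an added example that is not VMware's code. The field names and sample values are hypothetical and constructed for illustration. It also checks that each side's local networks mirror the other side's remote networks, because TS_unacceptable is the IKEv2 notification sent when the proposed traffic selectors are rejected.

```python
import ipaddress

# Hypothetical field names for the Phase 2 (IPsec) proposal of each peer.
PROPOSAL_KEYS = ("encryption", "digest", "pfs", "dh_group")

def _nets(cidrs):
    """Normalize CIDR strings so equivalent spellings compare equal."""
    return {ipaddress.ip_network(c, strict=False) for c in cidrs}

def phase2_mismatches(sddc, onprem):
    """Return human-readable differences between the two peers' Phase 2 settings."""
    issues = []
    for key in PROPOSAL_KEYS:
        if str(sddc[key]).lower() != str(onprem[key]).lower():
            issues.append(f"{key}: SDDC={sddc[key]} on-prem={onprem[key]}")
    # Policy-based VPN: one side's local networks must be exactly the
    # other side's remote networks, prefix length included.
    pairs = (
        ("SDDC local vs on-prem remote",
         sddc["local_networks"], onprem["remote_networks"]),
        ("SDDC remote vs on-prem local",
         sddc["remote_networks"], onprem["local_networks"]),
    )
    for name, first, second in pairs:
        left, right = _nets(first), _nets(second)
        for net in sorted(left ^ right, key=str):
            side = "first only" if net in left else "second only"
            issues.append(f"{name}: {net} ({side})")
    return issues

# Constructed sample: proposals agree, but the on-prem side declares a /24
# where the SDDC side expects a /16.
SDDC = {"encryption": "AES-256", "digest": "SHA2-256", "pfs": True,
        "dh_group": 14, "local_networks": ["192.168.10.0/24"],
        "remote_networks": ["10.20.0.0/16"]}
ONPREM = {"encryption": "aes-256", "digest": "SHA2-256", "pfs": True,
          "dh_group": 14, "local_networks": ["10.20.0.0/24"],
          "remote_networks": ["192.168.10.0/24"]}

if __name__ == "__main__":
    for line in phase2_mismatches(SDDC, ONPREM):
        print(line)
```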


Workaround:

Configure a VPN to provide a secure connection to the SDDC over the public Internet or AWS Direct Connect.
To configure:

  1. Policy based VPN. 
  2. Route based VPN.