[VMConAWS] VPN status is reported down in SDDC v1.20 and later versions



Article ID: 313626




VMware Cloud on AWS


This article describes the symptoms of the issue and how to remediate it to bring the VPN tunnel back up.

  • PBVPN (policy-based VPN) / RBVPN (route-based VPN) status is reported down. Attempts to bring up the VPN fail, and the NSX UI under VPN -> IPSec Sessions displays "IPSec negotiation not started" and "Configuration Failed".

  • /var/log/syslog on the active edge shows events similar to the following:
    syslog.56.gz:2023-09-21T12:26:32.290Z NSX-Edge-1-10-209-252-8 NSX 12550 VPN [nsx@6876 comp="nsx-edge" subcomp="iked" s2comp="iked-event" level="WARN" eventId="vmwNSXVpnIkeSessionStatus"] {"event_state":0,"event_external_reason":"IKE session status DOWN: Configuration failed","event_src_comp_id":"a31e3dd4-3307-11eb-a8fb-000c297bfb55","event_sources":{"id":"83dcd287-a414-4620-a52e-2ed1e7628824","local_ip":"","peer_ip":""}}
    syslog.56.gz:2023-09-21T12:26:51.989Z NSX-Edge-1-10-209-252-8 NSX 12550 - [nsx@6876 comp="nsx-edge" s2comp="nsx-monitoring" entId="83dcd287-a414-4620-a52e-2ed1e7628824" tid="12576" level="WARNING" eventState="On" eventFeatureName="vpn" eventSev="warning" eventType="ipsec_policy_based_session_down"] The policy based IPsec VPN session 83dcd287-a414-4620-a52e-2ed1e7628824 is down. Reason: Configuration failed: Failed to send message to main thread.
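As an added example (not VMware's own tooling), the following Python parses NSX Edge syslog lines of the shape shown above and flags the "Configuration failed" IKE/IPsec-down signature, so an operator can confirm the match from collected logs before requesting an edge failover. The two failing lines are copied from this article; the third, a session coming UP, is a constructed control line.

```python
"""Flag the 'Configuration failed' VPN-down signature in NSX Edge syslog.
Added example, not VMware tooling; sample lines below are embedded inline."""
import json
import re

# <ts> <host> NSX <pid> <msgid> [nsx@6876 k="v" ...] <message>, optionally
# prefixed by a rotated file name such as "syslog.56.gz:" (grep output).
LINE_RE = re.compile(
    r'^(?:[\w.]+\.gz:)?(?P<ts>\S+) (?P<host>\S+) NSX (?P<pid>\d+) (?P<msgid>\S+) '
    r'\[nsx@6876 (?P<sd>[^\]]*)\] (?P<msg>.*)$')
SD_RE = re.compile(r'(\w+)="([^"]*)"')   # structured-data key="value" pairs

SAMPLE_LINES = [
    'syslog.56.gz:2023-09-21T12:26:32.290Z NSX-Edge-1-10-209-252-8 NSX 12550 VPN [nsx@6876 comp="nsx-edge" subcomp="iked" s2comp="iked-event" level="WARN" eventId="vmwNSXVpnIkeSessionStatus"] {"event_state":0,"event_external_reason":"IKE session status DOWN: Configuration failed","event_src_comp_id":"a31e3dd4-3307-11eb-a8fb-000c297bfb55","event_sources":{"id":"83dcd287-a414-4620-a52e-2ed1e7628824","local_ip":"","peer_ip":""}}',
    'syslog.56.gz:2023-09-21T12:26:51.989Z NSX-Edge-1-10-209-252-8 NSX 12550 - [nsx@6876 comp="nsx-edge" s2comp="nsx-monitoring" entId="83dcd287-a414-4620-a52e-2ed1e7628824" tid="12576" level="WARNING" eventState="On" eventFeatureName="vpn" eventSev="warning" eventType="ipsec_policy_based_session_down"] The policy based IPsec VPN session 83dcd287-a414-4620-a52e-2ed1e7628824 is down. Reason: Configuration failed: Failed to send message to main thread.',
    # Constructed control line: a session coming UP must not be flagged.
    '2023-09-21T12:40:00.000Z NSX-Edge-1-10-209-252-8 NSX 12550 VPN [nsx@6876 comp="nsx-edge" subcomp="iked" s2comp="iked-event" level="INFO" eventId="vmwNSXVpnIkeSessionStatus"] {"event_state":1,"event_external_reason":"IKE session status UP","event_sources":{"id":"83dcd287-a414-4620-a52e-2ed1e7628824","local_ip":"","peer_ip":""}}',
]

def parse_line(line):
    """Split one syslog line into header fields, structured data and message."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sd"] = dict(SD_RE.findall(rec["sd"]))
    return rec

def match_config_failed(rec):
    """Return (session_id, reason) if rec carries the KB signature, else None."""
    sd, msg = rec["sd"], rec["msg"]
    if sd.get("eventId") == "vmwNSXVpnIkeSessionStatus":   # iked event, JSON body
        try:
            body = json.loads(msg)
        except ValueError:
            return None
        reason = body.get("event_external_reason", "")
        if body.get("event_state") == 0 and "Configuration failed" in reason:
            return body.get("event_sources", {}).get("id"), reason
    elif (sd.get("eventType") == "ipsec_policy_based_session_down"
          and "Configuration failed" in msg):             # nsx-monitoring event
        return sd.get("entId"), msg
    return None

def find_hits(lines):
    """Session ids and reasons for every line that matches the signature."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        hit = match_config_failed(rec) if rec else None
        if hit:
            hits.append(hit)
    return hits
```

Both matching lines resolve to the same IPsec session id, which is the object to cite when engaging support.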


This is caused by memory corruption in the iked process within NSX.


The issue is expected to be fixed in a future SDDC patch release.

An edge failover will remediate the issue and bring the tunnel back up. Engage VMware Support for assistance.

Additional Information

Failure to establish VPN sessions to endpoints.