IPSec Service Down in NSX Edge alarm

Article ID: 370172

Updated On:

Products

VMware NSX

Issue/Introduction

Title: Alarm for ipsec_service_down
Event ID: vpn.ipsec_service_down
Alarm Description

The IPsec service <Service UUID> is down.

  • Purpose: The alarm is raised when the status of a particular IPSec VPN service is Down.
  • Impact: All sessions associated with the service will be in the Down state, so datapath traffic to and from the configured subnets stops working.

Environment

VMware NSX-T Data Center
VMware NSX

Edge Form factors:

  • Bare Metal Edge
  • VM Edge

Resolution

Steps to Resolve
For 3.2.0 and higher

Recommended Action:

  • Check the service down reason string in any one of the following ways:
    • Edge CLI - Run "get ipsecvpn service". The reason should be "Service Routing Instance creation failed".
    • UI - Go to the Alarms page, open the specific IPsec Service Down alarm and check "View Runtime Details".
    • API - Use the "GET /api/v1/alarms/<alarm_id>" API and check the "runtime_data" field in the output.
  • If there is no resource crunch at the edge, disable and then enable the IPSec service from the UI or API.
    • UI: Go to the VPN→VPN Services page. Edit the service for which this alarm is raised, change Admin Status to Down and Save. Then Edit it again, change Admin Status to Up and Save.
    • API: Use the "PUT /policy/api/v1/infra/tier-0s/{tier-0-id}/ipsec-vpn-services/{service-id}" or "PUT /policy/api/v1/infra/tier-1s/{tier-1-id}/ipsec-vpn-services/{service-id}" API to update the "enabled" parameter.
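
The API route above as a script: it checks the alarm's "runtime_data" for the reason string, then sets "enabled" to false and back to true, re-reading the service after each PUT. This is an added example, not VMware's code. Assumptions: the helper names are hypothetical, the transport uses HTTP basic authentication against NSX Manager, and each PUT sends the full object from the latest GET (including its _revision).

```python
import base64, json, urllib.request

REASON = "Service Routing Instance creation failed"  # reason string from this article

def service_path(gateway_type, gateway_id, service_id):
    """Policy path of the IPSec VPN service on a Tier-0 or Tier-1 gateway."""
    if gateway_type not in ("tier-0s", "tier-1s"):
        raise ValueError("gateway_type must be 'tier-0s' or 'tier-1s'")
    return f"/policy/api/v1/infra/{gateway_type}/{gateway_id}/ipsec-vpn-services/{service_id}"

def reason_in_alarm(alarm):
    """True if runtime_data of GET /api/v1/alarms/<alarm_id> carries the expected reason."""
    return REASON in str(alarm.get("runtime_data", ""))

def bounce_service(send, path):
    """Disable, then re-enable the service; send(method, path, body) returns parsed JSON."""
    current = send("GET", path, None)
    if not current.get("enabled", True):
        # Added safeguard: never switch on a service an admin left disabled.
        raise RuntimeError("service is administratively disabled; not toggling")
    for state in (False, True):
        send("PUT", path, dict(current, enabled=state))
        # Re-read so the next PUT carries the fresh _revision and the change is confirmed.
        current = send("GET", path, None)
        if current.get("enabled") is not state:
            raise RuntimeError(f"enabled did not change to {state}")
    return current

def https_sender(manager, user, password):
    """Assumed transport: HTTP basic auth to NSX Manager, TLS verification left on."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    def send(method, path, body):
        req = urllib.request.Request(
            f"https://{manager}{path}", method=method,
            data=None if body is None else json.dumps(body).encode(),
            headers={"Authorization": f"Basic {token}", "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return json.loads(raw) if raw else {}
    return send

# Usage (placeholders): bounce_service(https_sender("<nsx-manager>", user, pw),
#                                      service_path("tier-1s", "<tier-1-id>", "<service-id>"))
```
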

Maintenance window required for remediation? No