Title: Alarm for ipsec_route_based_session_down Event ID: vpn.ipsec_route_based_session_down Alarm Description
The route based IPsec VPN session <Session UUID> is down.
Purpose: Alarm is raised when a particular Route Based IPSec VPN Session with UUID <Session UUID> is Down.
Impact: Datapath traffic stops working for configured local and remote networks.
Environment
VMware NSX-T Data Center VMware NSX
Edge Form factors:
Bare Metal Edge
VM Edge
Resolution
Steps to Resolve For 3.0.0 and higher
Recommended Action:
Get the session down reason from UI/API/CLI:
On UI, go to VPNāIPSec Sessions page and check particular session Status. Check IKE Status info icon, which will show session status along with the down reason.
For API, use "GET /policy/api/v1/infra/tier-0s/{tier-0-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics" or "GET /policy/api/v1/infra/tier-1s/{tier-1-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics" to get the session status details. Check the fail_reason in the output.
For CLI, use "get ipsecvpn session summary", "get ipsecvpn session sessionid <session-id>" CLIs to check the down reason.