Title: Alarm for ipsec_route_based_session_down
Event ID: vpn.ipsec_route_based_session_down
Alarm Description

The route based IPsec VPN session <Session UUID> is down.

• Purpose: Alarm is raised when a particular Route Based IPSec VPN Session with UUID <Session UUID> is Down. 
• Impact: Datapath traffic stops working for configured local and remote networks.

VMware NSX-T Data Center
VMware NSX

Edge Form factors:

Steps to Resolve
For 3.0.0 and higher

Recommended Action:

• Get the session down reason from UI/API/CLI:
  • On UI, go to VPN→IPSec Sessions page and check particular session Status. Check IKE Status info icon, which will show session status along with the down reason.
  • For API, use "GET /policy/api/v1/infra/tier-0s/{tier-0-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics" or "GET /policy/api/v1/infra/tier-1s/{tier-1-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics" to get the session status details. Check the fail_reason in the output.
  • For CLI, use "get ipsecvpn session summary", "get ipsecvpn session sessionid <session-id>" CLIs to check the down reason.
• As per the down reason, check the necessary actions to resolve the alarm in table mentioned at Alarms When an IPsec VPN Session or Tunnel Is Down.

Maintenance window required for remediation? No

Alarms When an IPsec VPN Session or Tunnel Is Down