Steps to Resolve
Recommended Action:
- Get the tunnel down reason from the UI, API, or CLI:
- For the UI, log in to the NSX Manager UI, go to the Networking tab --> VPN --> IPSec Sessions, and check the status of the affected session. Check the IKE Status info icon, which shows the session status along with the reason the session is down.
- For the API, use the following calls to get the session status details and fail_reason:
3.0.0 and higher
GET /policy/api/v1/infra/tier-0s/{tier-0-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics
GET /policy/api/v1/infra/tier-1s/{tier-1-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics
4.2 and higher
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tier-1s/{tier-1-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics
9.1 and higher
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/transit-gateways/{transit-gateway-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics
The output of these calls shows the possible cause of the IPSec session or tunnel being down.
- For the CLI, use "get ipsecvpn session summary" and "get ipsecvpn session sessionid <session-id>" to check the down reason.
- Based on the tunnel down reason, take the corresponding action to resolve the alarm from the table in "Alarms When an IPsec VPN Session or Tunnel Is Down".
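The API step above, as an added example that is not part of the original article: it builds the tier-1 statistics path from the template shown and pulls every non-empty fail_reason out of a decoded response. The function names, the sample IDs and the sample response body (its nesting and every key other than fail_reason) are assumptions made for illustration.

```python
import json
import re
from urllib.parse import quote

# Tier-1 path template copied from the article's API step.
TIER1_STATS = ("/policy/api/v1/infra/tier-1s/{tier-1-id}/ipsec-vpn-services/"
               "{service-id}/sessions/{session-id}/statistics")

def stats_path(template, ids):
    """Fill each {placeholder}; percent-encode IDs so each stays one path segment."""
    def fill(match):
        return quote(ids[match.group(1)], safe="")  # KeyError if an ID is missing
    return re.sub(r"\{([^{}]+)\}", fill, template)

def find_fail_reasons(node, path="$"):
    """Yield (json_path, text) for every non-empty fail_reason in a decoded response."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key == "fail_reason":
                if isinstance(value, str) and value.strip():
                    yield here, value
            else:
                yield from find_fail_reasons(value, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_fail_reasons(item, f"{path}[{index}]")

# CONSTRUCTED sample body: only the fail_reason key comes from the article;
# the nesting, other keys and reason text are assumptions for illustration.
SAMPLE_BODY = json.loads("""
{"results": [
  {"ike_status": {"state": "DOWN", "fail_reason": "constructed: peer not responding"}},
  {"ike_status": {"state": "UP", "fail_reason": ""}}
]}
""")

if __name__ == "__main__":
    ids = {"tier-1-id": "t1-gw", "service-id": "vpn-svc", "session-id": "site-b"}
    print("GET", stats_path(TIER1_STATS, ids))
    for where, reason in find_fail_reasons(SAMPLE_BODY):
        print(where, "->", reason)
```

Because the search matches the key name at any depth, it does not depend on the exact response layout of a given NSX version.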
Maintenance window required for remediation? No