Title: Alarm for ipsec_route_based_tunnel_down
Event ID: vpn.ipsec_route_based_tunnel_down
Alarm Description

The route based IPsec VPN tunnel (IPv4/IPv6) in session <Session UUID> is down.

• Purpose: Alarm is raised when a Route Based IPSec VPN Tunnel for session with UUID <Session UUID> is Down.
• Impact: Datapath traffic stops working for configured networks over Tunnel Interface.

VMware NSX-T Data Center
VMware NSX

Edge Form factors:

Steps to Resolve
For 3.0.0 and higher

Recommended Action:

• Get the tunnel down reason from UI/API/CLI:
  • On UI, go to VPN→IPSec Sessions page and check particular session Status. Check IKE Status info icon, which will show session status along with the down reason.
  • For API, use "GET /policy/api/v1/infra/tier-0s/{tier-0-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics" or "GET /policy/api/v1/infra/tier-1s/{tier-1-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics" to get the session status details. Check the fail_reason in the output.
  • For CLI, use "get ipsecvpn session summary", "get ipsecvpn session sessionid <session-id>" CLIs to check the down reason.
• As per the tunnel down reason, check the necessary actions to resolve the alarm in table mentioned at Alarms When an IPsec VPN Session or Tunnel Is Down.

Maintenance window required for remediation? No

Alarms When an IPsec VPN Session or Tunnel Is Down