An IPSEC NSD tunnel stays down on Azure Virtual WAN Hub
search cancel

An IPSEC NSD tunnel stays down on Azure Virtual WAN Hub

book

Article ID: 382799

calendar_today

Updated On:

Products

VMware VeloCloud SD-WAN

Issue/Introduction

IPSec tunnel, NSD status is down.

Environment

Vmware VeloCloud SD-WAN Gateway

VCG version:  R5103-20230621-GA-9d8588f02e

And 3rd Azure IPsec

Cause

1. Non-SD-WAN Destination Via Gateway, in default mode, it could boot up.

 2. Customer will change Azure Virtual HUB IPsec IKE manually.  it caused an error on VCG.

 3. VCG version:  R5103-20230621-GA-9d8588f02e

Azure configuration:

Velo configuration:

 

 

 

Resolution

IKE DS look fail on packet

Suggest Azure TAC to confirm the errors about IKE parameters.

Additional Information

Azure IPsec couldn't recognize Integrity Algorithm: AUTH_HMAC_SHA2_512_256,  AUTH_AES_XCBC_96

Powered by Wolken Software