VPN session flaps and traffic through VPN is not working even when session is UP.



Article ID: 397962


Products

VMware NSX

Issue/Introduction

Traffic through a VPN session does not work even though the session status is UP. The peer device sends a delete and tears down the session due to inactivity. When the NSX Edge side of the VPN is configured as Initiator, the session is renegotiated and the cycle repeats.

Environment

VMware NSX

Cause

This issue (datapath not working, or session flapping) is seen when a NAT rule configured on the same Logical Router matches the VPN Local Endpoint IP, so that the source IP/port of the VPN traffic is changed.

Resolution

Performing NAT on the VPN Local Endpoint IP on the same Logical Router where the VPN session is configured is not a supported configuration. See: Add an NSX IPSec VPN Service.

Workaround:

Configure a No NAT rule with the Local Endpoint IP as source and the Peer IP as destination. The No NAT rule must have a higher priority than the existing NAT rule.
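
The following is an added example, not part of the original article or of NSX itself: an offline audit that checks, for each VPN session, whether the first NAT rule matching Local Endpoint IP to Peer IP is a source NAT rule rather than a No NAT rule. The rule fields, the action strings `SNAT`/`NO_SNAT`, the rule and session names, and the convention that a lower priority number is evaluated first are assumptions of this simplified model; the addresses are constructed sample data.

```python
import ipaddress

def _covers(network, ip):
    """True if a rule's match field covers ip; an empty field matches any address."""
    if not network:
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(network, strict=False)

def first_matching_rule(nat_rules, src_ip, dst_ip):
    """Return the enabled rule evaluated first for src_ip -> dst_ip, or None.

    Assumption: rules are evaluated in ascending "priority" value, i.e. the
    lowest number is the highest priority.
    """
    for rule in sorted(nat_rules, key=lambda r: r["priority"]):
        if not rule.get("enabled", True):
            continue
        if _covers(rule.get("source"), src_ip) and _covers(rule.get("destination"), dst_ip):
            return rule
    return None

def audit_vpn_sessions(nat_rules, sessions):
    """List (session, rule) pairs where VPN traffic would be source-translated."""
    findings = []
    for s in sessions:
        rule = first_matching_rule(nat_rules, s["local_endpoint"], s["peer"])
        if rule and rule["action"] == "SNAT":
            findings.append((s["name"], rule["name"]))
    return findings

# Constructed sample data (documentation address ranges, hypothetical names).
NAT_RULES = [
    {"name": "snat-all", "action": "SNAT", "source": "192.0.2.0/24",
     "destination": None, "priority": 100},
    {"name": "no-snat-vpn-a", "action": "NO_SNAT", "source": "192.0.2.10",
     "destination": "198.51.100.1", "priority": 10},
]
SESSIONS = [
    {"name": "vpn-a", "local_endpoint": "192.0.2.10", "peer": "198.51.100.1"},
    {"name": "vpn-b", "local_endpoint": "192.0.2.10", "peer": "203.0.113.7"},
]

if __name__ == "__main__":
    for session, rule in audit_vpn_sessions(NAT_RULES, SESSIONS):
        print(f"{session}: local endpoint is translated by NAT rule {rule!r}; "
              "add a higher-priority No NAT rule for local endpoint -> peer")
```

In the sample data, `vpn-a` is covered by its No NAT rule, while `vpn-b` shares the same Local Endpoint IP but has no No NAT rule for its peer and is reported.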