IPSEC VPN CLIs generate "IKED CLI Timeout" error for a few minutes after an edge failover

search cancel

IPSEC VPN CLIs generate "IKED CLI Timeout" error for a few minutes after an edge failover

book

Article ID: 403122

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

A failover has happened from an active edge node to a standby edge node
For a short while after this failover has occurred, NSX CLI commands specific to IPSEC VPN generate an error similar to the following:
```
> get ipsecvpn session summary  

% An unexpected error occurred: IKED CLI Timeout
```

Environment

VMware NSX
IPSEC VPN with large number of tunnels configured (in the thousands)

Cause

After an edge failover, the newly active edge node will take some time to bring up the thousands of IPSEC VPN tunnels. During this time, IPSEC VPN NSX CLI commands will produce the noted error.

Resolution

This is expected behavior in VMware NSX.

The "IKED CLI Timeout" error seen when running IPSEC VPN NSX CLI commands should stop occurring within a few minutes.

Feedback

thumb_up Yes

thumb_down No