Communication not establishing and VPN status is down in NSX UI
Article ID: 410434
Updated On:
Products
VMware NSX
Issue/Introduction
- You are using Policy Based IPSec VPN and the tunnel status is showing down in NSX UI but shows up on the peer end
- You have validated both phase-1 and phase-2 configs and they are matching on both ends
- High Availability (HA) state of the T1 gateway's edge nodes (linked to the IPSec VPN session) is reporting active-active despite having active-standby setup on the T1 gateway
Screenshot of the HA mode on the problem T1 gateway (setup as active-standby):
Screenshot of edges (showing active-active, despite they are set to active-standby on gateway): - syslog on one of the edge nodes show
"sync failure reason: SR is not in standby state"for the T1 gateway in question
Environment
VMware NSX
VMware NSX-T Data Center
Cause
Edges are in incorrect HA state on the problem gateway due to sync failure between the edge nodes
Resolution
Workaround:
Place one of the edge nodes into maintenance mode and then subsequently bringing it out of maintenance mode in an attempt to resync the edge nodes.
Post following the above workaround, you should see edges reporting as active-standby on the problem gateway as expected and the VPN tunnel should now show success.
Note: If the issue persists, feel free to open a case with Broadcom Support Team
Feedback
Yes
No
Powered by
