Newly configured IPSEC Sessions are in failed state

Article ID: 413700

Updated On:

Products

VMware NSX

Issue/Introduction

  • Newly configured IPSec sessions are in Failed state.
  • Clicking the "Failed" symbol shows the error: "Realization Failure, waiting for realization...."
  • When the VPN is set up using a completely different local endpoint IP, it works fine.
  • Logs from the NSX Manager show that the local endpoint IP overlaps with a logical router port:
    /var/log/syslog:
    2025-09-01T09:50:17.256Z  INFO providerTaskExecutor-1-41 RealizationFetchUtility 2901724 POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Evaluating realization for /infra/tier-1s/########-####-####-a597-d94b5afea1d5/ipsec-vpn-services/########-####-####-a597-d94b5afea1d5 ...

    2025-09-01T09:50:17.266Z ERROR providerTaskExecutor-1-41 IPSecVPNLocalEndpointServiceImpl 2901724 VPN [nsx@6876 comp="nsx-manager" errorCode="MP110000" level="ERROR" subcomp="manager"] Errors {"moduleName":"VPN","errorCode":110113,"errorMessage":"Local Endpoint IP 172.16.#.# overlaps with logical router port(s) [t81960-e4b1-46ce-####-############-svclrp] IPs."} in IPSecVPNLocalEndpoint config IpSecVpnLocalEndpointConfig/25249924-####-47d0-99f4-#############

    2025-09-01T09:50:17.266Z  WARN providerTaskExecutor-1-41 IPSecVpnCoreBaseProvider 2901724 POLICY [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager"] IPSecVpnLocalEndpoint /infra/tier-1s/########-####-####-a597-d94b5afea1d5/ipsec-vpn-services/########-####-####-a597-d94b5afea1d5/local-endpoints/########-.management.vpn.common.exception.VPNException: Found errors in the request. Please refer to the related errors for details.

    2025-09-01T09:50:17.277Z  INFO providerTaskExecutor-1-41 AlarmServiceImpl 2901724 POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Message returned [error_code=110113, module_name=VPN, error_message='Local Endpoint IP 172.16.#.# overlaps with logical router port(s) [t1-bd871903-####-4fbc-####-d919305-svclrp] IPs.']

    2025-09-01T09:50:17.299Z ERROR providerTaskExecutor-1-41 PolicyProviderUtil 2901724 POLICY [nsx@6876 comp="nsx-manager" errorCode="PM0" level="ERROR" subcomp="manager"] Created alarm Alarm [policyPath=/infra/realized-state/enforcement-points/default/vpn/ipsec/services/NETWORK.########-####-####-a597-d94b5afea1d5.bd5afea1d5:172.16.#.#/alarms/########-eb40-4945-####-091994716500, message=[error_code=110113, module_name=VPN, error_message='Local Endpoint IP 172.16.#.# overlaps with logical router port(s) [t1-########-####-####-a597-d94b5afea1d5-55550fd8-####-####-8705-1af2ca64458e-########-e4b1-46ce-9ef4-57856d919305-svclrp] 00, module_name=VPN, error_message='Found errors in the request. Please refer to the related errors for details.
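
To confirm which local endpoint IP and logical router port are in conflict without reading the raw syslog by eye, the following added example (not VMware's code) scans log lines for VPN error 110113 in both forms seen in the excerpt above. The sample lines are constructed, and the separator between multiple port names is an assumption.

```python
import re
from collections import defaultdict

# VPN error 110113 appears as JSON ("errorCode":110113) and as key=value (error_code=110113).
CODE_RE = re.compile(r'(?:"errorCode":|error_code=)110113\b')
# Message text of the overlap error, as it appears in the log excerpt above.
OVERLAP_RE = re.compile(
    r"Local Endpoint IP (?P<ip>\S+) overlaps with logical router port\(s\) "
    r"\[(?P<ports>[^\]]*)\]"
)

# Constructed sample lines modelled on the excerpt; the IP and port names are made up.
SAMPLE_LOG = [
    '2025-09-01T09:50:17.266Z ERROR providerTaskExecutor-1-41 IPSecVPNLocalEndpointServiceImpl '
    'VPN [nsx@6876 comp="nsx-manager" errorCode="MP110000" level="ERROR"] Errors '
    '{"moduleName":"VPN","errorCode":110113,"errorMessage":"Local Endpoint IP 172.16.10.1 '
    'overlaps with logical router port(s) [t1-example-svclrp] IPs."}',
    "2025-09-01T09:50:17.277Z  INFO providerTaskExecutor-1-41 AlarmServiceImpl POLICY "
    "Message returned [error_code=110113, module_name=VPN, error_message='Local Endpoint IP "
    "172.16.10.1 overlaps with logical router port(s) [t1-example-svclrp] IPs.']",
    "2025-09-01T09:50:17.299Z  WARN providerTaskExecutor-1-41 IPSecVpnCoreBaseProvider POLICY "
    "VPNException: Found errors in the request. Please refer to the related errors for details.",
]


def find_endpoint_overlaps(lines):
    """Return {local_endpoint_ip: sorted list of overlapping logical router ports}."""
    hits = defaultdict(set)
    for line in lines:
        if not CODE_RE.search(line):
            continue  # unrelated line, or the generic "Found errors" wrapper
        match = OVERLAP_RE.search(line)
        if match is None:
            continue  # error code present but message truncated; nothing to extract
        # Assumption: multiple port names are separated by commas and/or whitespace.
        for port in re.split(r"[,\s]+", match.group("ports").strip()):
            if port:
                hits[match.group("ip")].add(port)
    return {ip: sorted(ports) for ip, ports in hits.items()}


if __name__ == "__main__":
    for ip, ports in find_endpoint_overlaps(SAMPLE_LOG).items():
        print(f"local endpoint {ip} overlaps with: {', '.join(ports)}")
```
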

Environment

VMware NSX

Cause

This is caused by a user error: the configured local endpoint IP is the same IP that is already configured on the Tier-1 gateway. For an IPSec VPN service running on a Tier-1 gateway, the local endpoint IP address must be different from the Tier-1 gateway's uplink/service interface IP address.

Resolution

Change the local endpoint IP to any IP other than the Tier-1 gateway's uplink/service interface IP address. This resolves the issue. Refer to the document below for more information:

Add Local Endpoints

Additional Information

If you see the error "VPN Tunnel Status not found" for the L2VPN session, or the L2VPN is in Failed state, refer to the KB below:

'VPN Tunnel Status not found' error for the L2VPN Session