An established IPSec VPN session may go down immediately after a second Local Endpoint is added to the same IPSec VPN Service. This typically occurs when the primary session is utilizing the High Availability (HA) Virtual IP (VIP) of a Tier-0 gateway as its Local Endpoint IP.
The NSX Edge syslog contains entries similar to the following:
2026-##-##T14:10:06.220Z ###-edge##.###.###.### NSX ### VPN [nsx@### comp="nsx-edge" subcomp="iked" s2comp="ike-stack" level="INFO"] Local IP 10.XX.YY.ZZ unavailable. <----
2026-##-##T14:10:06.220Z ###-edge01.####.###.### NSX ###VPN [nsx@### comp="nsx-edge" subcomp="iked" s2comp="ike-stack" level="INFO"] Message: IKE SA negotiation could not be initiated.
VMware NSX 4.x and VMware NSX 9.x
This is a known issue in which the HA VIP is incorrectly moved to a loopback interface. Its removal from the uplink interface breaks IKE connectivity.
The issue is resolved in NSX 4.2.4 and 9.1.1.
Workaround:
If an upgrade is not immediately possible, you can restore connectivity using the following steps:
- Identify the affected IPSec VPN session.
- Disable the session, and then re-enable it.
- Once complete, the session should re-negotiate and establish connectivity.
Note: This workaround restores service but does not prevent the issue from recurring if another Local Endpoint is added subsequently.
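To confirm the symptom from collected edge syslog, the following added example (not part of the original article or VMware's tooling) pairs the "Local IP ... unavailable" message with a subsequent "IKE SA negotiation could not be initiated" message from the same edge node. The sample lines, hostnames, addresses, the `nsx@0000` identifier and the 5-second correlation window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines modelled on the messages quoted above; hostnames,
# IPs, the process id and the nsx@ identifier are made up for illustration.
SAMPLE = """\
2026-01-15T14:10:06.220Z edge01.example.test NSX 4321 VPN [nsx@0000 comp="nsx-edge" subcomp="iked" s2comp="ike-stack" level="INFO"] Local IP 10.0.0.5 unavailable.
2026-01-15T14:10:06.220Z edge01.example.test NSX 4321 VPN [nsx@0000 comp="nsx-edge" subcomp="iked" s2comp="ike-stack" level="INFO"] Message: IKE SA negotiation could not be initiated.
2026-01-15T14:12:00.000Z edge02.example.test NSX 4321 VPN [nsx@0000 comp="nsx-edge" subcomp="iked" s2comp="ike-stack" level="INFO"] Message: IKE SA negotiation could not be initiated.
2026-01-15T15:00:00.000Z edge03.example.test NSX 4321 VPN [nsx@0000 comp="nsx-edge" subcomp="iked" s2comp="ike-stack" level="INFO"] Local IP 10.0.0.9 unavailable.
"""

# Timestamp, reporting host, then the free-text message after the iked header.
LINE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+NSX\b.*?subcomp="iked".*?\]\s*(?P<msg>.*)$')
UNAVAILABLE = re.compile(r'Local IP (?P<ip>\S+) unavailable\.')
NEGOTIATION_FAILED = "IKE SA negotiation could not be initiated"


def find_vip_loss(lines, window=timedelta(seconds=5)):
    """Return (host, local_ip, timestamp) for each 'Local IP unavailable'
    event followed on the same edge by a failed IKE SA initiation."""
    pending = {}  # host -> (ip, time of the 'unavailable' message)
    hits = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an iked line, or not in the expected layout
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
        host, msg = m["host"], m["msg"]
        u = UNAVAILABLE.search(msg)
        if u:
            pending[host] = (u["ip"], ts)
        elif NEGOTIATION_FAILED in msg and host in pending:
            ip, seen = pending.pop(host)
            if abs(ts - seen) <= window:
                hits.append((host, ip, seen.isoformat()))
    return hits


if __name__ == "__main__":
    for host, ip, when in find_vip_loss(SAMPLE.splitlines()):
        print(f"{when} {host}: local endpoint {ip} lost, IKE cannot initiate")
```

An edge that logs only one of the two messages is not reported, which keeps unrelated IKE failures out of the result.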