In VMware Cloud Director, when creating a new IPSec VPN service with Pre-Shared Key (PSK) authentication via the API or UI, the localId in the VCD API response is null, even if the value was explicitly specified during the creation process.
The localId remains empty in the VCD API response as shown below:
    "localEndpoint": {
        "localId": null,    <====
        "localAddress": "***.***.***.***",
        "localNetworks": [
            "***.***.***.***/**"
        ]
    },
VMware Cloud Director 10.x
VMware NSX 4.x
This is caused by an issue in VCD. During the IPSec VPN creation process, VCD did not include the local_id parameter in the PUT request payload sent to the backend NSX API. Consequently, the local endpoint is created with an empty local_id on the NSX side, which then synchronizes back to VCD as null.
A fix for this issue is currently being considered for a future release of VMware Cloud Director. In the meantime, use the following workaround.
Workaround:
After creating the VPN in VCD, log in to the NSX Manager UI (Networking > Network Services > VPN > IPSec Sessions > Local Endpoint) and manually enter the correct value (the same IP address as the localAddress) for the localId field. Once saved, the correct value will be synchronized back to VCD.
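To find which tunnels still need the workaround, the following added example (not part of the original article or any VMware code) scans a saved VCD IPSec tunnel response for PSK tunnels whose localId is unset and reports the localAddress to enter in NSX Manager. The "values", "name" and "authenticationMode" field names and all sample addresses are assumptions constructed for illustration; only the localEndpoint fields come from the response shown above.

```python
import json

# Constructed sample of a saved tunnel listing. Only the localEndpoint fields
# appear in the article; "values", "name" and "authenticationMode" are assumed.
SAMPLE_RESPONSE = """
{
  "values": [
    {"name": "vpn-branch-a", "authenticationMode": "PSK",
     "localEndpoint": {"localId": null, "localAddress": "192.0.2.10",
                       "localNetworks": ["10.10.0.0/24"]}},
    {"name": "vpn-branch-b", "authenticationMode": "PSK",
     "localEndpoint": {"localId": "192.0.2.11", "localAddress": "192.0.2.11",
                       "localNetworks": ["10.20.0.0/24"]}},
    {"name": "vpn-branch-c", "authenticationMode": "PSK",
     "localEndpoint": {"localId": "", "localAddress": "192.0.2.12",
                       "localNetworks": ["10.30.0.0/24"]}}
  ]
}
"""

def find_missing_local_ids(response_text):
    """Return (tunnel name, localAddress) for PSK tunnels with no localId."""
    doc = json.loads(response_text)
    # Accept a listing ({"values": [...]}), a bare list, or one tunnel object.
    tunnels = doc.get("values", [doc]) if isinstance(doc, dict) else doc
    findings = []
    for tunnel in tunnels:
        # The article only describes the PSK case; skip other auth modes.
        if tunnel.get("authenticationMode", "PSK") != "PSK":
            continue
        endpoint = tunnel.get("localEndpoint") or {}
        local_id = endpoint.get("localId")
        # Treat an empty string like null (defensive assumption).
        if local_id is None or str(local_id).strip() == "":
            findings.append((tunnel.get("name", "<unnamed>"),
                             endpoint.get("localAddress")))
    return findings

if __name__ == "__main__":
    for name, address in find_missing_local_ids(SAMPLE_RESPONSE):
        # Per the workaround, the value to enter is the same as localAddress.
        print(f"{name}: localId is empty, set it to {address} in NSX Manager")
```

Running it again after applying the workaround and letting NSX synchronize back to VCD should return no findings for the corrected tunnels.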