You can view the L2 VPN tunnel status and the reason for the tunnel failure in both the vSphere Web Client and in the console of the L2 VPN appliance.

Problem

L2 VPN over an SSL tunnel between the client and the server is down.

Cause

On the L2 VPN server side, the following generic failure message is displayed when the tunnel is down:

Not available. Please check L2VPN client and server system logs/cli for details.

On the L2 VPN client side, the "SSL connect has failed" message is displayed when the tunnel is down for any of the following reasons:

  • Server address is incorrect.

  • L2 VPN Edge server is unreachable or not responding.

  • Cipher or port number is misconfigured on the L2 VPN server.

However, if the user ID or password is incorrect, or if the site is disabled from the server, the following message is displayed on the L2 VPN client:

Authentication failed, try to log in again.

Solution

  1. Download the Tech Support Logs for the NSX Edge, and check for any failure or error message in the log files that are related to L2 VPN.

    Typically, all the logs for the L2 VPN server have the following format:

    {Date}NSX-edge-1-0l2vpn:[local0:info]INFO:{MESSAGE}

  2. If the tunnel is down due to a failure in the SSL connection between the client and server, resolve the problem using the following methods:

    • Check whether the server address, server port, and encryption algorithm are configured correctly.

    • Make sure that the standalone L2 VPN Edge client has Internet connectivity on the uplink port, and the L2 VPN Edge server is reachable.

    • Make sure that the firewall has not blocked port 443.

  3. If the tunnel is down due to an authentication failure, correct the user name or password, and log in again.
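
The following is an added example, not VMware code: it parses lines in the log format shown in step 1 and groups them by the two failure messages named above, listing the matching checks from steps 2 and 3. It assumes the client-side failure strings also appear in the {MESSAGE} field; the sample lines, timestamps, and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Page format: {Date}NSX-edge-1-0l2vpn:[local0:info]INFO:{MESSAGE}
# Whitespace between fields is treated as optional; the edge name is not hard-coded.
LINE_RE = re.compile(
    r"^(?P<date>.*?)\s*(?P<edge>NSX-edge-\S*?)\s*l2vpn:\s*"
    r"\[(?P<facility>\w+):(?P<severity>\w+)\]\s*(?P<level>[A-Z]+):\s*(?P<message>.*)$"
)

# Failure strings quoted on the page, mapped to the page's own checks.
# Assumption: these client-side strings also appear in the {MESSAGE} field.
FAILURES = {
    "SSL connect has failed": [
        "verify server address, server port, and encryption algorithm",
        "verify uplink connectivity and that the L2 VPN Edge server is reachable",
        "verify that no firewall blocks port 443",
    ],
    "Authentication failed": ["correct the user name or password and log in again"],
}

def parse_line(line):
    """Return the fields of one L2 VPN log line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines):
    """Group L2 VPN records by failure class; unclassified ones go under 'other'."""
    report = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        msg = rec["message"].lower()
        cls = next((k for k in FAILURES if k.lower() in msg), "other")
        report[cls].append(rec)
    return dict(report)

# Constructed sample lines (timestamps and non-failure messages are invented).
SAMPLE = [
    "2024-05-01T10:00:01Z NSX-edge-1-0 l2vpn: [local0:info] INFO: SSL connect has failed",
    "2024-05-01T10:00:05ZNSX-edge-1-0l2vpn:[local0:info]INFO:Authentication failed, try to log in again.",
    "2024-05-01T10:00:09Z NSX-edge-1-0 l2vpn: [local0:info] INFO: SSL connect has failed",
    "2024-05-01T10:00:12Z NSX-edge-1-0 l2vpn: [local0:info] INFO: constructed status message",
    "2024-05-01T10:00:15Z unrelated constructed line from another service",
]

if __name__ == "__main__":
    for cls, recs in triage(SAMPLE).items():
        print(f"{cls}: {len(recs)} line(s)")
        for step in FAILURES.get(cls, ["review manually"]):
            print(f"  - {step}")
```

Lines that do not match the L2 VPN format are skipped, and L2 VPN lines that match neither failure string are kept under "other" for manual review.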