Troubleshoot IPsec-VPN connection issues - VPN Gateway - Alibaba Cloud Documentation Center

VPN Gateway allows you to view the logs and error codes of IPsec-VPN connections. VPN Gateway can work with Network Intelligence Service (NIS) to provide features such as VPN gateway diagnostics and reachability analyzer. If you encounter issues when you use IPsec-VPN connections, you can troubleshoot the issues based on related documentation.

Diagnostics features and references

The following table describes the diagnostics features and references for IPsec-VPN connection issues.

Category	Applicable diagnostics features and references
IPsec-VPN negotiation exceptions	VPN gateway diagnostics (recommended feature) You can use this feature to troubleshoot issues that occur when you use a VPN gateway, such as IPsec negotiation failures, incorrect route configurations of the VPN gateway, and abnormal status of the VPN gateway. The system provides suggestions based on the issue that is detected. Troubleshoot IPsec-VPN connection issues (feature and documentation) This topic provides answers to the frequently asked questions (FAQ) about IPsec-VPN connections. You can troubleshoot an IPsec-VPN connection issue based on the error code and log data of the IPsec-VPN connection displayed in the VPN Gateway console. For more information, see the Common IPsec-VPN connection issues and solutions section of the "Troubleshoot IPsec-VPN connection issues" topic. FAQ about IPsec-VPN connections (documentation) This topic describes the common causes of IPsec-VPN negotiation issues and connectivity issues and provides solutions to these issues.
Data transfer issues after IPsec-VPN negotiations succeed	Reachability analyzer (recommended feature) You can use this feature to check the connectivity between resources that use a VPN gateway. This helps you troubleshoot data transfer issues. FAQ about IPsec-VPN connections (documentation) This topic describes the common causes of IPsec-VPN negotiation issues and connectivity issues and provides solutions to these issues.
Abnormal status of VPN gateways	VPN gateway diagnostics (feature)
Billing issues	Billing (documentation)
Insufficient resource quotas	Quotas for IPsec-VPN connections (documentation)
Others	VPN gateway diagnostics (feature)

Methods to use the self-service diagnostics feature

Quick diagnostics

You can quickly troubleshoot IPsec-VPN connection issues on the Troubleshooting page in the Virtual Private Cloud (VPC) console.

Log on to the VPC console.
In the left-side navigation pane, click Troubleshooting.
On the Troubleshooting page, click the VPN Gateway tab.
Select an issue category and obtain the documentation and suggestions as prompted, or troubleshoot the issue.
For information about how to use the VPN gateway diagnostics and reachability analyzer features during troubleshooting, see Diagnose a VPN gateway and Work with reachability analyzer.

Other methods

The following methods are provided for you to use the VPN gateway diagnostics and reachability analyzer features to check IPsec-VPN connections. You can select a method based on your business requirements.

Method 1: Perform operations on the VPN Gateways page

Log on to the VPN Gateway console. On the VPN Gateways page, find the VPN gateway that you want to manage, click Diagnose in the Diagnose column, and then select Instance Diagnosis or Reachability Analyzer.

Method 2: Perform operations on the VPN gateway details page

Log on to the VPN Gateway console.
On the VPN Gateways page, find the VPN gateway that you want to manage and click its ID.
On the VPN gateway details page, click the Diagnose tab. Then, click the Instance Diagnostics or Reachability Analyzer tab.

Method 3: Perform operations in the NIS console

For more information, see Work with instance diagnostics and Work with the reachability analyzer.