My Oracle Support Banner

OCI Site-to-Site VPN - After a Customer Premises Equipment (CPE) Fail-Over, the Virtual Private Network (VPN) IPsec Traffic Halts (Doc ID 2993664.1)

Last updated on DECEMBER 18, 2023

Applies to:

Oracle Cloud Infrastructure Site-to-Site VPN - Version N/A and later
Information in this document applies to any platform.


The traffic stopped flowing through the IPSec tunnel.

The setup details are the following:

A cluster of Check Point devices configured with HA (High Availability) with Active/Standby configuration are used as a CPE device in the On-premises side.

Network Address Translation (NAT) is used on the On-premises side and the private IP address of the On-Premises CPE is used as the CPE IKE identifier on the OCI side.

The IPSec logs on OCI side contained entries like this:


An On-premises CPE device fail-over was performed.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.