I have setup ipsec VPNs with multiple tunnels.
For some of the tunnels, the local prefix is pointing not to the local subnet, but to a subnet being NAT translated to another system entirely.
When this is the case, those tunnels are always listed as "down", and Peer ID as n/a. The tunnel is not actually down, and data flows.

In the following example, the first Peer ID should be the same as below, and the Local ID should a subnet in a public IP range, which isn't associated with any network devices, but has a working dst-nat rule.

vyos@VyOS-IPSEC-GPA# run show vpn ipsec sa
Peer ID / IP Local ID / IP

---

n/a n/a

Tunnel  State  Bytes Out/In   Encrypt  Hash    NAT-T  A-Time  L-Time  Proto
------  -----  -------------  -------  ----    -----  ------  ------  -----
2       down   252.0/252.0    aes256   sha256_128 no     -900    n/a     all

Peer ID / IP Local ID / IP

---

remotepeer 192.168.101.153

Tunnel  State  Bytes Out/In   Encrypt  Hash    NAT-T  A-Time  L-Time  Proto
------  -----  -------------  -------  ----    -----  ------  ------  -----
1       up     0.0/0.0        aes256   sha256_128 no     2280    3600    all

On the other side, also a VyOS in this case, shows a similar result:

Peer ID / IP Local ID / IP

---

n/a n/a

Tunnel  State  Bytes Out/In   Encrypt  Hash    NAT-T  A-Time  L-Time  Proto
------  -----  -------------  -------  ----    -----  ------  ------  -----
2       down   252.0/252.0    aes256   sha256_128 no     -420    n/a     all

Peer ID / IP Local ID / IP

---

remotepeer 192.168.55.75

Tunnel  State  Bytes Out/In   Encrypt  Hash    NAT-T  A-Time  L-Time  Proto
------  -----  -------------  -------  ----    -----  ------  ------  -----
1       up     0.0/0.0        aes256   sha256_128 no     2760    3600    all