Has there been a solution to this problem?
I am facing the exact same behaviour. It configured dead peer detection to prevent the tunnel from going down:
-
set security vpn ipsec ike-group IKE-XY dead-peer-detection action ‘restart’
-
set security vpn ipsec ike-group IKE-XY dead-peer-detection interval ‘30’
-
set security vpn ipsec ike-group IKE-XY dead-peer-detection timeout ‘120’
But still the vtis are deactivated after IKE lifetime expires.
Any more hints?