The
keep_IKE_SAs option is not enabled.
When this parameter is disabled, policy installation removes all Phase1 and Phase 2 keys.
Enabling this parameter changes the behavior so that the Security Gateway keeps all Phase 1 and Phase 2 keys after a policy installation to work around interoperability issues with 3rd party VPN peers.