This issue reproduces when the resolved peer IP address is different from the main IP address (the IP address in the 'General Properties' tab). This can be a result of different Link Selection methods. The resolved peer IP address, which is used as the key, is pulled from the IPsec SA tables instead of the main IP address.
There are no unique indicators in vpnd or kernel debugs, but it is possible to check whether the resolved peer IP address in the resolved_link kernel table is different from the main IP address. If this is the case and the configuration is IKEv2, the problem will reproduce.