eowusu (Staff)
June 21, 2022

Technical Tip: IPsec VPN Tunnel down with FGSP enabled

Description

This article describes a limitation of FortiGate Session Life Support Protocol (FGSP) when it is used to synchronize sessions and IPsec tunnels with another FortiGate: a synchronized IPsec tunnel does not support the FortiGate acting as the IKE initiator. The FortiGate can only respond to IPsec negotiations started by the remote peer.

Scope

FortiGate.
Solution
IKE/IPsec synchronization under FGSP only works while the FortiGate is the responder; it is incompatible with the FortiGate acting as the initiator. In the gateway listing below, tunnel UAT_T1 shows 'direction: initiator', i.e. the local FortiGate is the side starting the negotiation.

Sample output:

diagnose vpn ike gateway list name 'UAT_T1'
vd: root/0
name: UAT_T1
version: 1
interface: wan1 7
addr: 41.79.124.142:4500 -> 34.252.112.166:4500
tun_id: 34.252.112.166/::34.252.112.166
remote_location: 0.0.0.0
virtual-interface-addr: 169.254.133.14 -> 0.0.0.0
created: 1238s ago
nat: peer
IKE SA: created 1/1 established 1/1 time 250/250/250 ms
IPsec SA: created 1/1 established 1/1 time 90/90/90 ms
id/spi: 29 468e082094395cc7/7d9fbd93ba394121
direction: initiator
status: established 111-111s ago = 250ms
proposal: aes128-sha1
key: 646eb631a1753d5d-d9b27a3b7f98c9ff
lifetime/rekey: 28800/28388
DPD sent/recv: 00000000/4599a608


To collect the IKE debug, follow the article Troubleshooting Tip: IPsec Tunnel (debugging IKE).

IKE debug output:

iiB_FW_PRA_SEDE_ACTIVE # ike 0:UAT_T1:UAT_T1: IPsec SA connect 7 41.79.124.142->34.252.112.166:0
ike 0:UAT_T1:UAT_T1: using existing connection
ike 0:UAT_T1: connect event ignored by L3 HA secondary
ike 0:UAT_T1:UAT_T1: IPsec SA connect 7 41.79.124.142->34.252.112.166:0
ike 0:UAT_T1:UAT_T1: using existing connection
ike 0:UAT_T1: connect event ignored by L3 HA secondary
ike shrank heap by 159744 bytes
ike 0:UAT_T1:UAT_T1: IPsec SA connect 7 41.79.124.142->34.252.112.166:0
ike 0:UAT_T1:UAT_T1: using existing connection
ike 0:UAT_T1: connect event ignored by L3 HA secondary
ike 0:UAT_T1:UAT_T1: IPsec SA connect 7 41.79.124.142->34.252.112.166:0
ike 0:UAT_T1:UAT_T1: using existing connection

The repeated line 'connect event ignored by L3 HA secondary' shows the FGSP member dropping every attempt to initiate the IPsec SA for UAT_T1: it will not bring the tunnel up itself, so the tunnel stays down until the remote peer negotiates it.

This issue can be worked around by disabling IPsec tunnel synchronization in the FGSP cluster-sync configuration:

config system cluster-sync
    edit 1
        set ipsec-tunnel-sync disable
    next
end


With the above configuration:

  • IPsec SAs are still synchronized between FGCP (HA cluster) members.
  • IPsec SAs are not synchronized between the FGSP members, so after an FGSP failover the tunnel has to be re-negotiated by the peer rather than surviving transparently.
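As an added check covering both artefacts shown above (the 'diagnose vpn ike gateway list' output and the IKE debug lines), the following Python script is example code written for this article and is not Fortinet's own tooling. It parses a gateway listing, flags every tunnel whose 'direction' is not 'responder' (the only role FGSP IPsec tunnel sync supports), and counts 'connect event ignored by L3 HA secondary' lines per tunnel in the debug output. The sample inputs are constructed from the article's output; the second gateway entry (UAT_T2, peer 203.0.113.10) is a hypothetical responder-side tunnel added for contrast.

```python
"""Added example (not from the original article): flag IPsec tunnels that
will not come up under FGSP IPsec tunnel sync, using the two artefacts the
article shows: 'diagnose vpn ike gateway list' output and IKE debug lines."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the article's gateway listing. UAT_T2 is a
# hypothetical responder-side entry (assumed, not from the article).
GATEWAY_LIST = """\
vd: root/0
name: UAT_T1
version: 1
interface: wan1 7
addr: 41.79.124.142:4500 -> 34.252.112.166:4500
direction: initiator
status: established 111-111s ago = 250ms
proposal: aes128-sha1

vd: root/0
name: UAT_T2
version: 2
interface: wan1 7
addr: 41.79.124.142:500 -> 203.0.113.10:500
direction: responder
status: established 40-40s ago = 120ms
proposal: aes256-sha256
"""

# Constructed sample IKE debug lines, modelled on the article's output.
IKE_DEBUG = """\
ike 0:UAT_T1:UAT_T1: IPsec SA connect 7 41.79.124.142->34.252.112.166:0
ike 0:UAT_T1:UAT_T1: using existing connection
ike 0:UAT_T1: connect event ignored by L3 HA secondary
ike 0:UAT_T1:UAT_T1: IPsec SA connect 7 41.79.124.142->34.252.112.166:0
ike 0:UAT_T1: connect event ignored by L3 HA secondary
ike shrank heap by 159744 bytes
"""

# Matches the debug line the article identifies as the symptom.
IGNORED_RE = re.compile(
    r"^ike \d+:(?P<name>[^:]+): connect event ignored by L3 HA secondary$"
)


@dataclass
class Gateway:
    name: str
    direction: str
    version: str
    fgsp_compatible: bool


def parse_gateway_list(text: str) -> list[Gateway]:
    """Split the listing into per-gateway blocks and read the key: value fields."""
    gateways = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            # Split on the first ':' only; values such as 'addr' contain ':' too.
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "name" not in fields:
            continue
        direction = fields.get("direction", "unknown")
        gateways.append(Gateway(
            name=fields["name"],
            direction=direction,
            version=fields.get("version", "?"),
            # FGSP IPsec tunnel sync only supports the responder role.
            fgsp_compatible=(direction == "responder"),
        ))
    return gateways


def count_ignored_connects(debug: str) -> dict[str, int]:
    """Count 'connect event ignored by L3 HA secondary' lines per tunnel name."""
    counts: dict[str, int] = {}
    for line in debug.splitlines():
        m = IGNORED_RE.match(line.strip())
        if m:
            counts[m["name"]] = counts.get(m["name"], 0) + 1
    return counts


def report(gateway_text: str, debug: str) -> list[str]:
    """One finding per tunnel that is configured as initiator or whose connect
    events are being dropped by the FGSP secondary."""
    ignored = count_ignored_connects(debug)
    findings = []
    for gw in parse_gateway_list(gateway_text):
        if not gw.fgsp_compatible:
            findings.append(f"{gw.name}: direction={gw.direction} (IKEv{gw.version}); "
                            "FGSP ipsec-tunnel-sync supports responder only")
        if ignored.get(gw.name):
            findings.append(f"{gw.name}: {ignored[gw.name]} connect events ignored "
                            "by L3 HA secondary")
    return findings


if __name__ == "__main__":
    for finding in report(GATEWAY_LIST, IKE_DEBUG):
        print(finding)
```

On a real unit, feed the script the output of 'diagnose vpn ike gateway list' (all tunnels, not just one name) and a captured 'diagnose debug application ike' session; any tunnel reported as initiator on an FGSP member with ipsec-tunnel-sync enabled is a candidate for the failure described above.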


Related article:

Technical Tip: FortiGate IPsec VPN resource list