Hi Jonas,
Thanks very much for your input.
See ike and ipsec configuration below.
==================================================================================================
set security ike proposal CUSTOMER_IKE_PROP description CUSTOMER_IKE_PROP
set security ike proposal CUSTOMER_IKE_PROP authentication-method pre-shared-keys
set security ike proposal CUSTOMER_IKE_PROP dh-group group5
set security ike proposal CUSTOMER_IKE_PROP authentication-algorithm sha-256
set security ike proposal CUSTOMER_IKE_PROP encryption-algorithm aes-256-cbc
set security ike proposal CUSTOMER_IKE_PROP lifetime-seconds 86000
set security ike policy ike_pol_CUSTOMER_VPN mode main
set security ike policy ike_pol_CUSTOMER_VPN proposals CUSTOMER_IKE_PROP
set security ike policy ike_pol_CUSTOMER_VPN pre-shared-key ascii-text ##secretkey##
set security ike gateway gw_CUSTOMER_VPN ike-policy ike_pol_CUSTOMER_VPN
set security ike gateway gw_CUSTOMER_VPN address XXX.YYY.107.112
set security ike gateway gw_CUSTOMER_VPN external-interface reth1.0
set security ike gateway gw_CUSTOMER_VPN version v2-only
set security ipsec proposal CUSTOMER_IPSEC_PROP description REALISE_IPSEC_PROP
set security ipsec proposal CUSTOMER_IPSEC_PROP protocol esp
set security ipsec proposal CUSTOMER_IPSEC_PROP authentication-algorithm hmac-sha-256-128
set security ipsec proposal CUSTOMER_IPSEC_PROP encryption-algorithm aes-256-cbc
set security ipsec proposal CUSTOMER_IPSEC_PROP lifetime-seconds 3600
set security ipsec policy ipsec_pol_CUSTOMER_VPN perfect-forward-secrecy keys group5
set security ipsec policy ipsec_pol_CUSTOMER_VPN proposals CUSTOMER_IPSEC_PROP
set security ipsec vpn CUSTOMER_VPN bind-interface st0.xxx
set security ipsec vpn CUSTOMER_VPN ike gateway gw_CUSTOMER_VPN
set security ipsec vpn CUSTOMER_VPN ike ipsec-policy ipsec_pol_CUSTOMER_VPN
set security ipsec vpn CUSTOMER_VPN establish-tunnels immediately
==================================================================================================
The logs do seem to point towards what's happening;
The following entry recurs continuously in the log for around 10 minutes
==================================================================================================
[Aug 3 08:26:42][xxx.xxx.173.2 <-> xxx.xxx.107.112] Triggering negotiation for CUSTOMER_VPN config block
[Aug 3 08:26:42][xxx.xxx.173.2 <-> xxx.xxx.107.112] Ignoring the trigger message as there are 4 active SAs already present in the CUSTOMER_VPN config block
[Aug 3 08:26:42][xxx.xxx.173.2 <-> xxx.xxx.107.112] Triggering negotiation for CUSTOMER_VPN config block
[Aug 3 08:26:42][xxx.xxx.173.2 <-> xxx.xxx.107.112] Ignoring the trigger message as there are 4 active SAs already present in the CUSTOMER_VPN config block
[Aug 3 08:26:46][xxx.xxx.173.2 <-> xxx.xxx.107.112] Triggering negotiation for CUSTOMER_VPN config block
[Aug 3 08:26:46][xxx.xxx.173.2 <-> xxx.xxx.107.112] Ignoring the trigger message as there are 4 active SAs already present in the CUSTOMER_VPN config block
[Aug 3 08:26:46][xxx.xxx.173.2 <-> xxx.xxx.107.112] Triggering negotiation for CUSTOMER_VPN config block
etc
etc
etc
==================================================================================================
Then the following entries occur
==================================================================================================
[Aug 3 08:37:06][xxx.xxx.173.2 <-> xxx.xxx.107.112] Ignoring the trigger message as there are 4 active SAs already present in the CUSTOMER_VPN config block
[Aug 3 08:37:07][xxx.xxx.173.2 <-> xxx.xxx.107.112] Soft life timer expired for inbound CUSTOMER_VPN with spi 0x81f94a91
[Aug 3 08:37:07][xxx.xxx.173.2 <-> xxx.xxx.107.112] Triggering negotiation for CUSTOMER_VPN config block
[Aug 3 08:37:07][xxx.xxx.173.2 <-> xxx.xxx.107.112] iked_pm_trigger_callback: lookup peer entry for gateway gw_CUSTOMER_VPN, local_port=500, remote_port=500
[Aug 3 08:37:07][xxx.xxx.173.2 <-> xxx.xxx.107.112] iked_pm_trigger_callback: FOUND peer entry for gateway gw_CUSTOMER_VPN
[Aug 3 08:37:07][xxx.xxx.173.2 <-> xxx.xxx.107.112] Using existing ike SA 1682582 for gateway gw_CUSTOMER_VPN
[Aug 3 08:37:07][xxx.xxx.173.2 <-> xxx.xxx.107.112] iked_pm_trigger_negotiation Set p2_ed in sa_cfg=CUSTOMER_VPN
[Aug 3 08:37:07][xxx.xxx.173.2 <-> xxx.xxx.107.112] IPSec rekey initiated for sa_cfg CUSTOMER_VPN with inbound spi 0x1a7f31c7
==================================================================================================
Thanks again,
Scott