IKEv2 reauthentication

Reauthentication verifies that IKEv2 VPN peers retain their access to authentication credentials. Rekeying establishes new keys for an IKE security association (SA) but does not reauthenticate the peers. Reauthentication creates a new IKE SA, creates new child SAs within the IKE SA, and then deletes the old IKE SA. IKEv2 reauthentication is disabled by default. To enable IKEv2 reauthentication, configure the reauth-frequency statement at the [edit security ike policy policy-name] hierarchy level; the reauth-frequency value is the number of IKE rekeys that occurs before reauthentication occurs. For example, if reauth-frequency is 1, reauthentication occurs every time there is an IKE rekey. If reauth-frequency is 2, reauthentication occurs at every other IKE rekey. If reauth-frequency is 3, reauthentication occurs at every third IKE rekey.