Dynamic Connection Teardown

The following events can trigger the teardown of a dynamic IPSec subscriber connection:

All phase 1 and phase 2 SA deleted by a remote peer and no rekeying activity occurs for one minute
Administrative logout
IPSec card terminating the user becoming unavailable (for example, the card is reloading, disabled, or disconnected)
Dead peer detection (DPD) reporting the phase 1 SA is unreachable
Authentication, authorization, and accounting session or idle timeout values expire