Why is it important to delete IPSec Security Associations (SAs) frequently and then re-key and reestablish the SAs?

A.
To reduce the chance that another IPSec machine on the network will generate the same random SPI, which will cause confusion as to which machine is the endpoint of a tunnel.

B.
To reduce the risk of a brute force attack where your key can be compromised if it stays the same for too long a period of time.

C.
Each time an SA is regenerated, the integrity of the link is checked. This is the only way to establish if the tunnel is still active.

D.
To reduce the potential problems of counters exceeding their allocated size, which will cause them to wrap back to zero and display invalid results.


