You are troubleshooting an IPsec session and see the following IPsec security associations:
ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys
< 192.168.224.1 500 ESP:aes-256/sha1 d6393645 26/ unlim – 0
> 192.168.224.1 500 ESP:aes-256/sha1 153ec235 26/ unlim – 0
< 192.168.224.1 500 ESP:aes-256/sha1 f9a2db9a 3011/ unlim – 0
> 192.168.224.1 500 ESP:aes-256/sha1 153ec236 3011/ unlim – 0
What are two reasons for this behavior? (Choose two.)
Both peers are trying to establish IKE Phase 1 but are not successful.
Both peers have established SAs with one another, resulting in two IPsec tunnels.
The lifetime of the Phase 2 negotiation is close to expiration.
Both peers have establish-tunnels immediately configured.