Restrictions and guidelines: Keychain configuration
To make sure only one key in a keychain is used at a time to authenticate packets to a peer, set non-overlapping sending lifetimes for the keys in the keychain.
The keys used by the local device and the peer device must have the same authentication algorithm and key string.
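
Both guidelines can be checked before a configuration is deployed. The following audit script is an added example, not vendor code: the Key record, the pairing of keys by key ID, the half-open treatment of lifetimes, and all sample values are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, replace
from datetime import datetime
from itertools import combinations

@dataclass(frozen=True)
class Key:  # hypothetical record, not a vendor data model
    key_id: int
    algorithm: str
    key_string: str
    send_start: datetime
    send_end: datetime

def overlapping_send_lifetimes(keys):
    """Return sorted (id, id) pairs whose sending lifetimes overlap."""
    # Assumption: lifetimes are half-open [start, end), so back-to-back keys are fine.
    hits = [tuple(sorted((a.key_id, b.key_id)))
            for a, b in combinations(keys, 2)
            if a.send_start < b.send_end and b.send_start < a.send_end]
    return sorted(hits)

def peer_mismatches(local, peer):
    """Return {key_id: [reasons]}; keys are paired by key ID (an assumption)."""
    peer_by_id = {k.key_id: k for k in peer}
    problems = {}
    for k in local:
        p = peer_by_id.get(k.key_id)
        if p is None:
            problems[k.key_id] = ["missing on peer"]
            continue
        reasons = []
        if k.algorithm.lower() != p.algorithm.lower():
            reasons.append("algorithm")
        # Constant-time comparison avoids leaking how much of the secret matched.
        if not hmac.compare_digest(k.key_string.encode(), p.key_string.encode()):
            reasons.append("key string")
        if reasons:
            problems[k.key_id] = reasons
    return problems

def _t(s):
    return datetime.strptime(s, "%Y-%m-%d")

# Constructed samples: LOCAL key 3 starts sending before key 2 stops;
# PEER differs in key 2's algorithm and key 3's key string.
LOCAL = [Key(1, "hmac-sha-256", "example-1", _t("2024-01-01"), _t("2024-02-01")),
         Key(2, "hmac-sha-256", "example-2", _t("2024-02-01"), _t("2024-03-01")),
         Key(3, "hmac-sha-256", "example-3", _t("2024-02-20"), _t("2024-04-01"))]
PEER = [LOCAL[0], replace(LOCAL[1], algorithm="hmac-md5"),
        replace(LOCAL[2], key_string="example-x")]
```

An empty result from both functions means the keychain satisfies the two guidelines above for the keys supplied.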