Comment 3 for bug 1868515

@Jie Li, I think it's not if you have no more operations. But the updated field will synced by l3-agent if you restart the l3-agent service or other reasons. This will makes two ipsec site-connection failed(For example, site A use a updated 3DES encryption, site B use AES-128.)
So it would suggest not update ike or ipsec policy for an established IPsecSiteConnection.

But I'm keep open attitude, could you land a patch for this? Let's see other reviewers opinion,
Thanks.