So I discussed with our Tech Lead. He has investigated this before.He says that the Cisco VTI sends any any initiator and responder Traffic Selectors (0.0.0.0/0), and if the IPsec peer has any other traffic selector then the Cisco will automatically ...

Thanks for the update.I'll let you know if I find anything.

Hi train00wreck,Were you able to solve this?  I am experiencing the same problem.Cisco firmware 17.15 is initiating a new CHILD_SA every 3-30 seconds.Thank you.