I have seen similar issues with IKEv2 tunnels between ASA and PA. In most of these instances I have found that the Palo Alto end of the tunnel is configured for AES-256 (GCM) either as a primary or secondary policy and not the Cisco default AES-256 (CBC...