IKEv2 IPSec tunnel going down due to Dead Peer Detection (DPD) even when liveness check is disabled.
152037
Created On 12/10/21 03:08 AM - Last Modified 05/20/24 15:40 PM
Symptom
- IKEv2 IPSec tunnel is going down due to Dead Peer Detection (DPD).
- System Logs (CLI: show log system) indicating the tunnel going down due to DPD
low vpn ikev2-t ikev2-n 0 IKEv2 IKE SA is down determined by DPD.
- Ikemgr.log (CLI: less mp-log ikemgr.log) indicating the tunnel going down due to DPD.
[INFO]: { 8: 8}: DPD down, rekey vpn tunnel <ikev2-t>, SA state ESTABLISHED
Environment
- Palo Alto Firewalls
- PAN-OS 8.1 and above.
- IPSec tunnel configured with IKEv2 gateway.
- Liveness check is disabled.
Cause
- For an IKEv2 tunnel, peer liveness detection (DPD) is always on. Every IKEv2 message received from the peer, not only the empty INFORMATIONAL probe, counts as proof that the peer is alive, and any IKEv2 request (a rekey, for example) that stays unanswered after all retransmissions causes the IKE SA to be torn down. That is the event logged as "IKE SA is down determined by DPD".
- The empty INFORMATIONAL liveness probe is only sent when nothing has been received over the IKE SA or its child SAs for the configured dpd_interval.
- Liveness check enabled (set to yes): empty INFORMATIONAL messages are sent after that period of inactivity. Liveness check disabled: the idle probe is not sent, but an unanswered IKEv2 request still brings the SA down.
- Liveness check / DPD for IKEv2 therefore cannot be fully disabled on the PA-FW; this is by design.
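The following toy model, added here as an illustration and not PAN-OS or ikemgr code, shows why disabling the liveness check does not stop an SA from going down "determined by DPD": the knob only gates the idle empty INFORMATIONAL probe, while any unanswered request (here a rekey) still closes the IKE SA after retransmissions are exhausted, as RFC 7296 section 2.4 describes. The interval, retransmit count, tunnel name and message labels are assumed values chosen for the simulation, not firewall defaults.

```python
"""Toy model of IKEv2 peer-liveness handling (RFC 7296, section 2.4).

Added illustration for this article; it is not PAN-OS or ikemgr code.
dpd_interval, max_retransmits and the message names are assumed values
chosen for the simulation, not firewall defaults.
"""
from dataclasses import dataclass
from typing import Optional


class Peer:
    """Remote gateway (constructed): answers every IKEv2 request or none."""

    def __init__(self, reachable: bool):
        self.reachable = reachable

    def responds(self) -> bool:
        return self.reachable


@dataclass
class IkeSa:
    tunnel: str
    liveness_enabled: bool      # the "Liveness check" knob; only gates the idle probe
    dpd_interval: int = 5       # seconds of silence before an empty INFORMATIONAL (assumed)
    max_retransmits: int = 3    # unanswered retransmissions tolerated (assumed)
    last_rx: int = 0            # time of the last IKEv2 message received from the peer
    state: str = "ESTABLISHED"
    probes_sent: int = 0
    down_at: Optional[int] = None
    reason: str = ""

    def on_receive(self, now: int) -> None:
        # Any IKEv2 message from the peer (rekey, delete, a reply to our own
        # request, ...) proves it is alive, so the inactivity clock restarts.
        self.last_rx = now

    def send_request(self, now: int, exchange: str, peer: Peer) -> bool:
        # Retransmit until a reply arrives. A request that stays unanswered after
        # all retransmissions closes the IKE SA, whatever the exchange type was.
        for _ in range(self.max_retransmits + 1):
            if peer.responds():
                self.on_receive(now)
                return True
        self.state = "DOWN"
        self.down_at = now
        self.reason = f"{exchange} unanswered after {self.max_retransmits} retransmits"
        return False

    def tick(self, now: int, peer: Peer) -> None:
        # Idle probe: sent only when liveness is enabled AND nothing has been
        # heard from the peer for dpd_interval seconds.
        if self.state != "ESTABLISHED":
            return
        if self.liveness_enabled and now - self.last_rx >= self.dpd_interval:
            self.probes_sent += 1
            self.send_request(now, "empty INFORMATIONAL", peer)


def simulate(liveness_enabled: bool, reachable: bool,
             rekey_at: int = 20, duration: int = 30) -> dict:
    """Run an otherwise idle tunnel for `duration` seconds with one rekey at `rekey_at`."""
    sa = IkeSa("ikev2-t", liveness_enabled)
    peer = Peer(reachable)
    for now in range(1, duration + 1):
        if sa.state == "ESTABLISHED" and now == rekey_at:
            sa.send_request(now, "CREATE_CHILD_SA (rekey)", peer)
        sa.tick(now, peer)
    return {"state": sa.state, "probes_sent": sa.probes_sent,
            "down_at": sa.down_at, "reason": sa.reason}


if __name__ == "__main__":
    for liveness, reachable in [(True, True), (True, False), (False, True), (False, False)]:
        print(f"liveness={liveness!s:5} reachable={reachable!s:5} ->",
              simulate(liveness, reachable))
```

With the liveness check disabled and a reachable peer the SA never sends a probe and stays up; with the same setting and an unreachable peer it still goes down, only later, when the rekey request gets no reply. That matches the ikemgr.log line above, where the DPD-down event is tied to a rekey of the tunnel.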
Resolution
- An IKEv2 tunnel going down due to DPD indicates a connectivity problem between the VPN peers: the remote gateway stopped answering IKEv2 requests within the retransmission window.
- Troubleshoot connectivity between the peers (reachability on UDP 500, and UDP 4500 when NAT-T is in use, intermediate firewalls, packet loss). A packet capture taken on both ends shows whether the IKEv2 requests or their replies are being dropped and where.
Additional Information
More details about Ikev2 Liveness check can be found in article IKEV2 With Liveness Check.
For more information on how to troubleshoot IPsec VPN tunnel down refer to:
How to Troubleshoot IPSec VPN connectivity issues
How to troubleshoot IPSec VPN Tunnel Down