Hmm, if I do a "show tail log" it outputs some weird stuff about Jan 30 (???) and then times out.
If I do a "show vpn log" here are the last few lines of that result...
Oct 29 23:13:08 09[IKE] <peer-x.x.x.x.203-tunnel-1|5> CHILD_SA peer-x.x.x.x.203-
tunnel-1{2} established with SPIs ca7b8b47_i ce8e22c1_o and TS 10.1.10.0/24 ===
192.168.2.0/24
Oct 29 23:19:07 06[KNL] creating rekey job for ESP CHILD_SA with SPI ceac1a9b an
d reqid {2}
Oct 29 23:19:43 10[KNL] creating rekey job for ESP CHILD_SA with SPI cd6f00be an
d reqid {2}
Oct 29 23:29:25 16[KNL] creating delete job for ESP CHILD_SA with SPI ceac1a9b a
nd reqid {2}
Oct 29 23:29:25 15[KNL] creating delete job for ESP CHILD_SA with SPI cd6f00be a
nd reqid {2}
Oct 29 23:29:25 11[IKE] <peer-x.x.x.x.203-tunnel-1|5> closing expired CHILD_SA p
eer-x.x.x.x.203-tunnel-1{2} with SPIs ceac1a9b_i cd6f00be_o and TS 10.1.10.0/24
=== 192.168.2.0/24
Oct 29 23:55:56 08[IKE] <peer-x.x.x.x7.203-tunnel-1|5> CHILD_SA peer-x.x.x.x.203-
tunnel-1{2} established with SPIs c8ca523e_i cf7921c5_o and TS 10.1.10.0/24 ===
192.168.2.0/24
Oct 29 23:59:30 11[KNL] creating rekey job for ESP CHILD_SA with SPI ce8e22c1 an
d reqid {2}
Oct 30 00:00:37 16[KNL] creating rekey job for ESP CHILD_SA with SPI ca7b8b47 an
d reqid {2}
Should I really delete the default WAN_IN rule? I've setup a few of these site-to-site VPNs before and never deleted that default rule.