I ran into this issue a few months back where I upgraded the Netgate SG-5100 from 2.4.5 to 21.01. That night I noticed that I had issues with my IPSec site to site VPNs. I also have several OpenVPN site to site VPNs, but they were unaffected.
Last night, I ran into the same issue when upgrading from 2.4.5 to 21.02-2. Same customer. When I did this upgrade (to fix another problem), this IPSec issue came back again. In doing some research, I found this link in the Netgate forum: https://redmine.pfsense.org/issues/11524
After reading through this, I verified my settings. Sure enough, I was using SHA256 as my hash for my VPN settings. I made the following changes:
1. Changed from SHA256 to SHA512 (from what I read, use anything but SHA256 or SHA1)
2. Disabled AES-NI by going to System --> Advanced --> Miscellaneous --> Cryptographic Hardware, and changing that setting from "AES-NI and BSD crypto device" to "Intel QuickAssist (QAT)".