If the NAT device does not detect traffic to an IP address for a specific period nof time, it might invalidate the IP address it has assigned to the remote host and reassign it to another host. Sending these keepalive packets to simulate traffic ensures that the IP mapping remains unchanged during the Phase 1 and Phase 2 security association lifetimes.