R1
—————–
(config)#crypto pki certificate map CAMP 1
#issuer-name co talebi
(config)# default crypto ikev2 proposal
(config)# crypto ikev2 proposal default
# encryption aes-cbc-256
# integrity sha256
# group 14
(config)# default crypto ikev2 policy
(config)# crypto ikev2 profile IKEV2-Profile
# identity local dn
# match certificate CMAP
# authentication remote rsa-sig
# authentication local rsa-sig
# pki trustpoint Trusted-cA
# virtual-template 1
(config)# default crypto ipsec transform-set
(config)# crypto ipsec transform-set default esp-gcm 256
(config)# default crypto ipsec profile
(config)# crypto ipsec profile default
(config)# set ikev2-profile IKEV2-Profile
(config)# interface virtual-template 1 type tunnel
#ip unnumbered loop 0
#tunnel source eth0/0
#tunnel mode ipsec ipv4
#tunnel protection ipsec profile default
#ip ospf 1 area 0
R2
—————–
(config)#crypto pki certificate map CAMP 1
#issuer-name co talebi
(config)# default crypto ikev2 proposal
(config)# crypto ikev2 proposal default
# encryption aes-cbc-256
# integrity sha256
# group 14
(config)# default crypto ikev2 policy
(config)# crypto ikev2 profile IKEV2-Profile
# identity local dn
# match certificate CMAP
# authentication remote rsa-sig
# authentication local rsa-sig
# pki trustpoint Trusted-cA
(config)# default crypto ipsec transform-set
(config)# crypto ipsec transform-set default esp-gcm 256
(config)# default crypto ipsec profile
(config)# crypto ipsec profile default
(config)# set ikev2-profile IKEV2-Profile
(config)# interface Tunnel0
#ip unnumbered loop 0
#tunnel source eth0/0
#tunnel destination 15.0.0.1
#tunnel mode ipsec ipv4
#tunnel protection ipsec profile default
#ip ospf 1 area 0
Verify your tunnel
—————-
#show crypto engine connections active
#show crypto ikev2 sa
Troubleshooting
—————-
show crypto ikev2 stats
show crypto ikev2 stats exchange
show crypto ikev2 proposal
show crypto ipsec profile
show crypto ipsec sa
show crypto session
