FlexVPN = IKEV2 + NGE(Next Generation Encryption)
IKEV1 = phase 1 => negotiate
phase 2 => IPSec Tunnel
IKEV2 => Initial neogtiation + IPSec Tunnel
=> proposals, key ring, policy, profile
#show crypto ikev2 proposal default
#show crypto ikev2 policy default
(config)# crypto ikev2 keyring HRT-keyring
peer container1
address 192.168.10.2
identity fqdn r2.test.local
pre-shared-key local cisco
pre-shared-key remote cisco123
(config)# crypto ikev2 profile HRT-profile
match identity remote fqdn r2.test.local
identity local fqdn r1.test.local
authentication local pre-share
authentication remote pre-share
keyring local HRT-keyring
(config)# crypto ipsec profile default
# set ikev2-profile HRT-profile
(config)# int tunnel 3
# tunnel source gi0/0
# tunnel destination 192.168.10.2
# tunnel mode ipsec ipv4
# tunnel protection ipsec profile default
(config)# crypto ikev2 keyring HRT-keyring
peer container1
address 192.168.10.1
identity fqdn r1.test.local
pre-shared-key local cisco123
pre-shared-key remote cisco
(config)# crypto ikev2 profile HRT-profile
match identity remote fqdn r1.test.local
identity local fqdn r2.test.local
authentication local pre-share
authentication remote pre-share
keyring local HRT-keyring
(config)# crypto ipsec profile default
# set ikev2-profile HRT-profile
(config)# int tunnel 3
# tunnel source gi0/0
# tunnel destination 192.168.10.1
# tunnel mode ipsec ipv4
# tunnel protection ipsec profile default
#show crypto ikev2 sa
#show crypto engine active connections
