interface Tunnel1
 vrf forwarding jedna
 ip address 172.16.0.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication DMVPN
 ip nhrp network-id 123
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet1
 tunnel mode gre multipoint
 tunnel key 123
 tunnel protection ipsec profile IPSEC-PROF-KIA-1-INET shared
end

R2#sh run int tu2
Building configuration...

Current configuration : 328 bytes
!
interface Tunnel2
 vrf forwarding dva
 ip address 172.16.1.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication DMVPN
 ip nhrp network-id 124
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet1
 tunnel mode gre multipoint
 tunnel key 124
 tunnel protection ipsec profile IPSEC-PROF-KIA-1-INET shared
end

R2#sh run int tu3
Building configuration...

Current configuration : 308 bytes
!
interface Tunnel3
 ip address 172.16.2.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication DMVPN
 ip nhrp network-id 125
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet1
 tunnel mode gre multipoint
 tunnel key 125
 tunnel protection ipsec profile IPSEC-PROF-KIA-1-INET shared
end







R2#show cry ikev2 sa
 IPv4 Crypto IKEv2  SA 

Tunnel-id Local                 Remote                fvrf/ivrf            Status 
3         10.208.116.112/500    10.208.116.113/500    none/jedna           READY  
      Encr: AES-CBC, keysize: 256, PRF: SHA512, Hash: SHA512, DH Grp:24, Auth sign: PSK, Auth verify: PSK
      Life/Active Time: 86400/998 sec

 IPv6 Crypto IKEv2  SA 

R2#
R2#sh cry sess
Crypto session current status

Interface: Tunnel1 Tunnel2 Tunnel3 
Session status: UP-NO-IKE
Peer: 10.208.116.113 port 500 
  IPSEC FLOW: permit 47 host 10.208.116.112 host 10.208.116.113 
        Active SAs: 2, origin: crypto map

Interface: Tunnel1
Profile: IKE2-PROF-KIA-1-INET
Session status: UP-IDLE
Peer: 10.208.116.113 port 500 
  Session ID: 80  
  IKEv2 SA: local 10.208.116.112/500 remote 10.208.116.113/500 Active 

R2# 
R2#
R2#
R2#sh cry ips sa

interface: Tunnel1
    Crypto map tag: IPSEC-PROF-KIA-1-INET-head-1-IPv4, local addr 10.208.116.112

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.208.116.112/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (10.208.116.113/255.255.255.255/47/0)
   current_peer 10.208.116.113 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 130, #pkts encrypt: 130, #pkts digest: 130
    #pkts decaps: 119, #pkts decrypt: 119, #pkts verify: 119
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 10.208.116.112, remote crypto endpt.: 10.208.116.113
     plaintext mtu 1446, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
     current outbound spi: 0x2A58FFA4(710475684)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
      spi: 0xE6316534(3861996852)
        transform: esp-gcm 256 ,
        in use settings ={Tunnel, }
        conn id: 2389, flow_id: CSR:389, sibling_flags FFFFFFFF80000048, crypto map: IPSEC-PROF-KIA-1-INET-head-1-IPv4
         sa timing: remaining key lifetime (k/sec): (4607985/2592)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x2A58FFA4(710475684)
        transform: esp-gcm 256 ,
        in use settings ={Tunnel, }
        conn id: 2390, flow_id: CSR:390, sibling_flags FFFFFFFF80000048, crypto map: IPSEC-PROF-KIA-1-INET-head-1-IPv4
         sa timing: remaining key lifetime (k/sec): (4607988/2592)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     outbound ah sas:

     outbound pcp sas:

interface: Tunnel2
    Crypto map tag: IPSEC-PROF-KIA-1-INET-head-1-IPv4, local addr 10.208.116.112

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.208.116.112/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (10.208.116.113/255.255.255.255/47/0)
   current_peer 10.208.116.113 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 130, #pkts encrypt: 130, #pkts digest: 130
    #pkts decaps: 119, #pkts decrypt: 119, #pkts verify: 119
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 10.208.116.112, remote crypto endpt.: 10.208.116.113
     plaintext mtu 1446, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
     current outbound spi: 0x2A58FFA4(710475684)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
      spi: 0xE6316534(3861996852)
        transform: esp-gcm 256 ,
        in use settings ={Tunnel, }
        conn id: 2389, flow_id: CSR:389, sibling_flags FFFFFFFF80000048, crypto map: IPSEC-PROF-KIA-1-INET-head-1-IPv4
         sa timing: remaining key lifetime (k/sec): (4607985/2592)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x2A58FFA4(710475684)
        transform: esp-gcm 256 ,
        in use settings ={Tunnel, }
        conn id: 2390, flow_id: CSR:390, sibling_flags FFFFFFFF80000048, crypto map: IPSEC-PROF-KIA-1-INET-head-1-IPv4
         sa timing: remaining key lifetime (k/sec): (4607988/2592)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     outbound ah sas:

     outbound pcp sas:

interface: Tunnel3
    Crypto map tag: IPSEC-PROF-KIA-1-INET-head-1-IPv4, local addr 10.208.116.112

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.208.116.112/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (10.208.116.113/255.255.255.255/47/0)
   current_peer 10.208.116.113 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 130, #pkts encrypt: 130, #pkts digest: 130
    #pkts decaps: 119, #pkts decrypt: 119, #pkts verify: 119
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 10.208.116.112, remote crypto endpt.: 10.208.116.113
     plaintext mtu 1446, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
     current outbound spi: 0x2A58FFA4(710475684)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
      spi: 0xE6316534(3861996852)
        transform: esp-gcm 256 ,
        in use settings ={Tunnel, }
        conn id: 2389, flow_id: CSR:389, sibling_flags FFFFFFFF80000048, crypto map: IPSEC-PROF-KIA-1-INET-head-1-IPv4
         sa timing: remaining key lifetime (k/sec): (4607985/2592)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x2A58FFA4(710475684)
        transform: esp-gcm 256 ,
        in use settings ={Tunnel, }
        conn id: 2390, flow_id: CSR:390, sibling_flags FFFFFFFF80000048, crypto map: IPSEC-PROF-KIA-1-INET-head-1-IPv4
         sa timing: remaining key lifetime (k/sec): (4607988/2592)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     outbound ah sas:

     outbound pcp sas:
R2#