interface GigabitEthernet1/1
 description OUTSIDE WAN
 nameif outside
 security-level 0
 ip address x.x.x.18 255.255.255.252

interface GigabitEthernet1/2.200
 description INSIDE VOICE VLAN 200
 vlan 200
 nameif VOICE-LAN
 security-level 100
 ip address 192.168.200.1 255.255.255.0

crypto ipsec ikev2 ipsec-proposal SITE2SITE_Proposal
 protocol esp encryption aes-256 3des aes-gmac-256
 protocol esp integrity sha-256 sha-1 md5

crypto ikev2 policy 5
 encryption aes-256
 integrity sha256
 group 2
 prf sha256
 lifetime seconds 120

crypto ikev2 enable OUTSIDE

access-list SITE2SITE_ACL extended permit ip host x.x.x.202 host x.x.x.18

tunnel-group x.x.x.202 type ipsec-l2l
tunnel-group x.x.x.202 ipsec-attributes
 ikev2 remote-authentication pre-shared-key some_key
 ikev2 local-authentication pre-shared-key some_key

tunnel-group x.x.x.202 general-attributes
 no accounting-server-group
 default-group-policy DfltGrpPolicy

group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev2

crypto map CM.OUTSIDE 10 match address SITE2SITE_ACL
crypto map CM.OUTSIDE 10 set pfs
crypto map CM.OUTSIDE 10 set peer x.x.x.202
crypto map CM.OUTSIDE 10 set ikev2 ipsec-proposal SITE2SITE_Proposal
crypto map CM.OUTSIDE 10 set reverse-route
crypto map CM.OUTSIDE interface outside

crypto map CM.OUTSIDE interface OUTSIDE