R1

aaa authorization network rad_auth group rad_authentication_group
crypto ikev2 name-mangler spoke-name-mangler
 email username
!
crypto ikev2 keyring KEYRING
 peer R2
  address 1.1.1.2
  pre-shared-key local P@ssword12345
  pre-shared-key remote P@ssword12345
 !
!
crypto ikev2 profile default
 match identity remote fqdn R2.NWL.LAB
 identity local fqdn R1.NWL.LAB
 authentication remote pre-share
 authentication local pre-share
 keyring aaa rad_auth name-mangler spoke-name-mangler
 lifetime 180
 dpd 10 2 periodic
 aaa authorization group psk list rad_auth name-mangler spoke-name-mangler

Debug cry ikev2
!
*Oct 20 03:12:18.362: IKEv2:(SESSION ID = 1,SA ID = 1):Process auth response notify
*Oct 20 03:12:18.363: IKEv2:(SESSION ID = 1,SA ID = 1):Searching policy based on peer's identity 'test01@NWL.LAB' of type 'RFC822 address'
*Oct 20 03:12:18.366: IKEv2-ERROR:(SESSION ID = 1,SA ID = 1):: Failed to locate an item in the database
*Oct 20 03:12:18.367: IKEv2:(SESSION ID = 1,SA ID = 1):Verification of peer's authentication data FAILED
*Oct 20 03:12:18.367: IKEv2:(SESSION ID = 1,SA ID = 1):Auth exchange failed
*Oct 20 03:12:18.368: IKEv2-ERROR:(SESSION ID = 1,SA ID = 1):: Auth exchange failed
*Oct 20 03:12:18.370: IKEv2:(SESSION ID = 1,SA ID = 1):Abort exchange
*Oct 20 03:12:18.371: IKEv2:(SESSION ID = 1,SA ID = 1):Deleting SA
*Oct 20 03:12:28.359: IKEv2-ERROR:Couldn't find matching SA: Detected an invalid IKE SPI

==================================================================================================

R2

crypto ikev2 keyring KEYRING
 peer R1
  address 1.1.1.1
  pre-shared-key local P@ssword12345
  pre-shared-key remote P@ssword12345
 !
!
!
crypto ikev2 profile default
 match identity remote fqdn R1.NWL.LAB
 identity local R2.NWL.LAB
 identity local email test01@NWL.LAB
 authentication remote pre-share
 authentication local pre-share
 lifetime 180
 dpd 10 2 periodic

debug cry ikev2
*Oct 20 03:16:36.447: IKEv2:(SESSION ID = 257,SA ID = 1):Sending Packet [To 1.1.1.1:500/From 1.1.1.2:500/VRF i0:f0]
Initiator SPI : 3C487AD27FE81477 - Responder SPI : 9603A800E0F9B52D Message id: 0
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
 ENCR
lear cry ikev2 sa
R2#
*Oct 20 03:16:38.451: IKEv2:(SESSION ID = 257,SA ID = 1):Retransmitting packet
*Oct 20 03:16:38.452: IKEv2:(SESSION ID = 257,SA ID = 1):Sending Packet [To 1.1.1.1:500/From 1.1.1.2:500/VRF i0:f0]
Initiator SPI : 3C487AD27FE81477 - Responder SPI : 9603A800E0F9B52D Message id: 0
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
 ENCR
*Oct 20 03:16:38.810: IKEv2:(SESSION ID = 257,SA ID = 1):Sending DELETE INFO message for IKEv2 SA [ISPI: 0x3C487AD27FE81477 RSPI: 0x9603A800E0F9B52D]
*Oct 20 03:16:38.811: IKEv2:(SESSION ID = 257,SA ID = 1):Building packet for encryption.
Payload contents:
 DELETE NOTIFY(DELETE_REASON)
*Oct 20 03:16:38.813: IKEv2:(SESSION ID = 257,SA ID = 1):Checking if request will fit in peer window
*Oct 20 03:16:38.814: IKEv2:(SESSION ID = 257,SA ID = 1):Sending Packet [To 1.1.1.1:500/From 1.1.1.2:500/VRF i0:f0]
Initiator SPI : 3C487AD27FE81477 - Responder SPI : 9603A800E0F9B52D Message id: 1
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
 ENCR
*Oct 20 03:16:38.817: IKEv2:(SESSION ID = 257,SA ID = 1):Check for existing active SA
*Oct 20 03:16:38.818: IKEv2:(SESSION ID = 257,SA ID = 1):Delete all IKE SAs
*Oct 20 03:16:38.831: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Oct 20 03:16:40.458: IKEv2:(SESSION ID = 257,SA ID = 1):Retransmitting packet
*Oct 20 03:16:40.459: IKEv2:(SESSION ID = 257,SA ID = 1):Sending Packet [To 1.1.1.1:500/From 1.1.1.2:500/VRF i0:f0]
Initiator SPI : 3C487AD27FE81477 - Responder SPI : 9603A800E0F9B52D Message id: 0
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
 ENCR
*Oct 20 03:16:40.760: IKEv2:(SESSION ID = 257,SA ID = 1):Retransmitting packet
*Oct 20 03:16:40.761: IKEv2:(SESSION ID = 257,SA ID = 1):Sending Packet [To 1.1.1.1:500/From 1.1.1.2:500/VRF i0:f0]
Initiator SPI : 3C487AD27FE81477 - Responder SPI : 9603A800E0F9B52D Message id: 1
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
 ENCR
*Oct 20 03:16:42.463: IKEv2-ERROR:(SESSION ID = 257,SA ID = 1):: Maximum number of retransmissions reached
*Oct 20 03:16:42.464: IKEv2:(SESSION ID = 257,SA ID = 1):Check for existing active SA
*Oct 20 03:16:42.465: IKEv2:(SESSION ID = 257,SA ID = 1):Delete all IKE SAs
*Oct 20 03:16:42.465: IKEv2:(SESSION ID = 257,SA ID = 1):Deleting SA