crypto ikev2 proposal ikev2-proposal
 encryption aes-cbc-256
 integrity sha512
 group 21
!
crypto ikev2 policy ikev2-policy
 match address local yy.yy.yy.yy
 proposal ikev2-proposal
!
crypto ikev2 keyring ikev2-keyring
 peer peer-test
  address xx.xx.xx.xx
  identity address xx.xx.xx.xx
  pre-shared-key local cisco1234
  pre-shared-key remote cisco1234
 !
!
!
crypto ikev2 profile ikev2-proposal
 match identity remote address xx.xx.xx.xx 255.255.255.255
 identity local address yy.yy.yy.yy
 authentication remote pre-share
 authentication local pre-share
 keyring local ikev2-keyring
!
!
crypto ipsec transform-set IPSEC2 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
!
!
crypto map mymap local-address Vlan20
crypto map mymap 1 ipsec-isakmp
 set peer xx.xx.xx.xx
 set transform-set IPSEC2
 set pfs group14
 set ikev2-profile ikev2-proposal
 match address acl-test
interface GigabitEthernet1
 switchport access vlan 10
 no ip address
!
interface GigabitEthernet2
 switchport access vlan 20
 no ip address
!
!
interface Vlan10
 ip address zz.zz.zz.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1356
!
interface Vlan20
 ip address yy.yy.yy.yy 255.255.255.248
 ip access-group inside in
 ip access-group outside out
 ip mtu 1454
 ip nat outside
 ip virtual-reassembly in
 ip tcp adjust-mss 1356
 crypto map mymap
!
!
ip nat inside source list 1 interface Vlan20 overload
access-list acl-test permit ip zz.zz.zz.0 0.0.0.255 any

***************************************************************

test-router#show crypto ikev2 sa
test-router#
test-router#
test-router#show crypto ikev2 session
test-router#
test-router#