crypto ikev2 proposal IKEv2_KEY1
 encryption aes-gcm-256
 prf sha256 sha384 sha512
 group 19 20 21 24
!
crypto ikev2 policy IKEv2_PROPOSAL
 match fvrf any
 match address local 10.0.4.4
 proposal IKEv2_KEY1
!
crypto ikev2 keyring IKEv2_KEYRING
 peer ANY
  address 0.0.0.0 0.0.0.0
  pre-shared-key cisco123
 !
!
!
crypto ikev2 profile IKEv2-Profile
 match fvrf any
 match address local interface TenGigabitEthernet1/0/48
 match identity remote any
 authentication remote pre-share
 authentication local pre-share
 keyring local IKEv2_KEYRING
!
!
!
crypto ipsec transform-set IKEv2_GCM esp-gcm 256
 mode tunnel
!
crypto ipsec profile IPSEC-IKEv2
 set transform-set IKEv2_GCM
 set ikev2-profile IKEv2-Profile
!
!
!
interface Tunnel4000
 ip address 10.0.200.4 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 tunnel source 10.0.4.4
 tunnel mode ipsec ipv4
 tunnel destination 10.0.3.3
 tunnel protection ipsec profile IPSEC-IKEv2
!
!
interface TenGigabitEthernet1/0/48
 description Connection_to_MDA_Red_RTR
 no switchport
 ip address 10.0.4.4 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 no cdp enable
 no lldp transmit
!
ip route 0.0.0.0 0.0.0.0 10.0.4.10