Well explained here https://supportforums.cisco.com/discussion/11365756/qos-question-shape-peak-and-shape-average Thanks Hitesh ... View more

No worries.. Glad that its sorted which matters :) Cheers Hitesh ... View more

interface Tunnel11 ip vrf forwarding CUST ip address 169.254.0.1 255.255.255.0 ip tcp adjust-mss 1350 tunnel source GigabitEthernet0/0/0.422 tunnel mode ipsec ipv4 tunnel destination 13.80.x.x tunnel protection ipsec profile PROF-PH2-AZURE ikev2-profile tunnel vrf INTERNET Thanks Hitesh ... View more

Hi there, It seems, its down to the tunnel protection command under tunnel interface  IKE Profile Based Tunnel Selection The IKE Profile Based Tunnel Selection feature uses the Internet Key Exchange (IKE) or Internet Key Exchange version 2 (IKEv2) profile to select a tunnel interface for an IPsec session. Use keywords isakmp-profile or ikev2-profile keyword in the tunnel protection command to specify an IKE profile or IKEv2 profile respectively. o associate a tunnel interface with an IP Security (IPsec) profile, use the tunnel protection command in interface configuration mode. To disassociate a tunnel with an IPsec profile, use the no form of this command. tunnel protection ipsec profile name [shared | { isakmp-profile | ikev2-profile } name ] Please try adding ikev2-profile with tunnel protection and check. Also check your IOS version should be greater 15.2 i assume. HTH Hitesh ... View more

Your tunnel should be sourced from vrf INTERNET. Can you paste some debug of isakmp and ipsec Thanks Hitesh ... View more

Please add following statement interface Tunnel11 tunnel vrf INTERNET HTH Hitesh ... View more