Try taking the "native" off the dot1q line.  The native vlan is untagged and I would think you want all your traffic to be tagged. nterface GigabitEthernet0/0/2.912description Management NETWORKencapsulation dot1Q 912 nativeip address 10.9.12.1 255.2...

Yes that is correct, if the host time is more than 1024 seconds off from the received time it will mark the source as insane.

Looks to me like your authentication has failed.   *Sep 21 16:22:57.921: IKEv2:(SESSION ID = 1,SA ID = 1):Received Packet [From 10.10.12.66:500/To 10.11.90.2:500/VRF i1:f1]Initiator SPI : 8043E2A8477F206B - Responder SPI : 1B1073A2B00CA757 Message id...

Its still useful information Paolo, which is why they don't delete these threads.