I build recently some lab that contain 5 routers: R1 R2 R3 R4 R5 = ISP router   the topology is sort of Hub and Spoke which my R1 is the hub, I setup on R1 IKEv2 Policy which use some proposal that contain the following: encryption aes-cbc-256 integrity sha1 group 5   On IKEv2 Profile I match some certificate map that contain issuer name I configured virtual-template 1 type tunnel and try to make IPSEC connectivity to R2, but I have some issue to bring that connection up, if I use interface tunnel instade of  virtual-template everything work grate but I specifically need to use virtual-template. If I run dome debug I get the following error: IPSEC(ipsec_process_proposal): invalid local address   I google it and found cases of misconfigured or bug report (https://bst.cloudapps.cisco.com/bugsearch/bug/CSCud69442/?rfs=iqvred) I use version 15.2(4)S7    I working on it tree friking days so I decided to use the community... If someone can tell me what went failed in my case I really appreciate it   I attach file of R1, R2 and R5 Thanks in advance   ... View more