07-18-2023 06:08 AM
Hello,
How do I configure c8200 routers to use EIGRP over IPsec? Currently everything runs unencrypted and that should be changed. The EIGRP configuration is less of a problem, it works so far. Rather, it is about setting up the IPsec tunnel. The routers are in autonomous mode and have the DNA Essentials license activated. I found some tutorials, but these are probably too old (e.g. the crypto isakmp command is missing).
Any help is very welcome.
All the best
07-18-2023 06:19 AM
First activate k9 on the c8200.
Then I will send you an EIGRP over IPsec config lab.
07-18-2023 06:24 AM
Hi,
THX for your fast answer. How do I enable K9? I guess a DNA licence was enough?
G>crypto ?
eap EAP
gdoi GKM - Group Key Management (including GDOI) Commands
gkm GKM - Group Key Management Commands
ikev2 IKEv2
ipsec IPSec
key Key related commands.
pki Public Key components
THX
07-18-2023 06:29 AM
Can I see
Router(config)# crypto ?
07-18-2023 07:40 AM - edited 07-18-2023 08:56 AM
G#conf t
Enter configuration commands, one per line. End with CNTL/Z.
G(config)#crypto ?
RSA-key-pair RSA key pair
call Configure Crypto Call Admission Control
dynamic-map Specify a dynamic crypto map template
engine Enter a crypto engine configurable menu
gdoi Configure GKM (Group Key Management, GDOI or G-IKEv2) Policy
gkm Configure GKM (Group Key Management, GDOI or G-IKEv2) Policy
identity Enter a crypto identity list
ikev2 Configure IKEv2 Options
ipsec Configure IPSEC policy
isakmp Configure ISAKMP policy
key Long term key operations
keyring Key ring commands
logging logging messages
map Enter a crypto map
mib Configure Crypto-related MIB Parameters
pki Public Key components
provisioning Secure Device Provisioning
sks-client Configure Crypto SKS-Client Options
ssl Configure Crypto SSL Options
tls-tunnel Configure Crypto TLS-Tunnel Options
vpn Configure crypto vpn commands
wui Crypto HTTP configuration interfaces
xauth X-Auth parameters
G#show version
Cisco IOS XE Software, Version 17.06.03a
Cisco IOS Software [Bengaluru], c8000be Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.6.3a, RELEASE SOFTWARE (fc1)
ROM: 17.6(6r)
-----------------------------------------------------------------
Technology Type Technology-package Technology-package
Current Next Reboot
-----------------------------------------------------------------
Smart License Perpetual network-essentials network-essentials
Smart License Subscription dna-essentials dna-essentials
The current crypto throughput level is 250000 kbps
07-19-2023 05:36 AM
Current setup:
R1:
interface GigabitEthernet0/0/0
ip address 192.168.1.5 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.0.0.13 255.255.255.252
router eigrp 1
network 10.0.0.12 0.0.0.3
network 192.0.0.0 0.255.255.255
R2:
interface GigabitEthernet0/0/0
ip address 192.168.2.5 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.0.0.14 255.255.255.252
router eigrp 1
network 10.0.0.12 0.0.0.3
network 192.0.0.0 0.255.255.255
I try the following:
R1:
crypto isakmp policy 1
authentication pre-share
crypto isakmp key XXXXXXXXXX address 172.16.254.14
crypto ipsec transform-set MySet esp-3des esp-sha-hmac
crypto map MyMap 10 ipsec-isakmp
set peer 172.16.254.14
set transform-set MySet
match address 101
access-list 101 permit gre host 172.16.254.13 host 172.16.254.14
interface GigabitEthernet0/0/2
crypto map MyMap
interface GigabitEthernet0/0/0
ip address 192.168.1.5 255.255.255.0
interface Tunnel0
ip address 10.0.0.13 255.255.255.252
tunnel source GigabitEthernet0/0/2
tunnel destination 172.16.254.14
router eigrp 111
network 10.0.0.12 0.0.0.3
network 192.168.1.0
R2:
crypto isakmp policy 1
authentication pre-share
crypto isakmp key XXXXXXXXXX address 172.16.254.13
crypto ipsec transform-set MySet esp-3des esp-sha-hmac
crypto map MyMap 10 ipsec-isakmp
set peer 172.16.254.13
set transform-set MySet
match address 101
access-list 101 permit gre host 172.16.254.14 host 172.16.254.13
interface GigabitEthernet0/0/2
crypto map MyMap
interface GigabitEthernet0/0/0
ip address 192.168.2.5 255.255.255.0
interface Tunnel0
ip address 10.0.0.14 255.255.255.252
tunnel source GigabitEthernet0/0/2
tunnel destination 172.16.254.13
router eigrp 111
network 10.0.0.12 0.0.0.3
network 192.168.2.0
But this is not working.
07-19-2023 05:40 AM
Your config is correct,
only add
tunnel key 10 <<- on both sides
07-19-2023 06:07 AM
I made the change, but it still doesn't work. Current config from both:
R1:
!
crypto isakmp policy 1
encryption aes
hash sha
authentication pre-share
group 14
crypto isakmp key MyPassword address 172.16.254.14
!
!
crypto ipsec transform-set MySet esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto map MyMap 10 ipsec-isakmp
set peer 172.16.254.14
set transform-set MySet
match address 101
!
!
interface Tunnel0
ip address 10.0.0.13 255.255.255.252
tunnel source GigabitEthernet0/0/2
tunnel destination 172.16.254.14
tunnel key 10
!
interface GigabitEthernet0/0/0
ip address 192.168.1.5 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
negotiation auto
crypto map MyMap
!
router eigrp 1
network 10.0.0.12 0.0.0.3
network 192.168.1.0
!
R2:
!
crypto isakmp policy 1
encryption aes
hash sha
authentication pre-share
group 14
crypto isakmp key MyPassword address 172.16.254.13
!
!
crypto ipsec transform-set MySet esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto map MyMap 10 ipsec-isakmp
set peer 172.16.254.13
set transform-set MySet
match address 101
!
!
interface Tunnel0
ip address 10.0.0.14 255.255.255.252
tunnel source GigabitEthernet0/0/2
tunnel destination 172.16.254.13
tunnel key 10
!
interface GigabitEthernet0/0/0
ip address 192.168.2.5 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
negotiation auto
crypto map MyMap
!
!
router eigrp 1
network 10.0.0.12 0.0.0.3
network 192.168.2.0
!
Not able to ping any IP addresses on the other side.
R1#show crypto ipsec sa
interface: GigabitEthernet0/0/2
Crypto map tag: MyMap, local addr 0.0.0.0
protected vrf: (none)
local ident (addr/mask/prot/port): (172.16.254.13/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (172.16.254.14/255.255.255.255/47/0)
current_peer 172.16.254.14 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 0.0.0.0, remote crypto endpt.: 172.16.254.14
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0/2
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
07-19-2023 09:09 AM
This is working so far:
On A:
crypto isakmp policy 10
hash sha256
authentication pre-share
group 14
encryption aes
exit
crypto isakmp key cisco address 10.0.0.14
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
exit
interface tunnel13
ip address 10.1.13.1 255.255.255.0
tunnel source 10.0.0.13
tunnel destination 10.0.0.14
router eigrp 100
netw 10.1.13.1 0.0.0.0
crypto ipsec profile ABC
set transform-set TSET
interface tunnel13
tunnel protection ipsec profile ABC
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
mode transport
interface tunnel13
tunnel mode ipsec ipv4
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
mode tunnel
On B:
crypto isakmp policy 10
hash sha256
authentication pre-share
group 14
encryption aes
exit
crypto isakmp key cisco address 10.0.0.13
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
exit
interface tunnel31
ip address 10.1.13.3 255.255.255.0
tunnel source 10.0.0.14
tunnel destination 10.0.0.13
router eigrp 100
netw 10.1.13.3 0.0.0.0
crypto ipsec profile ABC
set transform-set TSET
interface tunnel31
tunnel protection ipsec profile ABC
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
mode transport
interface tunnel31
tunnel mode ipsec ipv4
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
mode tunnel
07-19-2023 09:12 AM
interface GigabitEthernet0/0/2
no ip address
negotiation auto
crypto map MyMap
There is no IP for tunnel source interface?
07-19-2023 09:35 AM
Of course, that could be the problem.
07-19-2023 09:43 AM
Assign IP to interface and make sure tunnel destination is reachable from both sides.
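As an added check (not posted by anyone in this thread), a small Python linter run over a constructed copy of the R1 config from above. It flags the three things the thread turns on: a tunnel sourced from an interface that has no IP address (the cause of "local crypto endpt.: 0.0.0.0"), a transform set still using 3DES, and an ISAKMP policy hashing with SHA-1. The names R1_CONFIG, parse_blocks and lint_ipsec are my own.

```python
import re

# Constructed sample, modelled on the R1 config posted in this thread.
R1_CONFIG = """\
crypto isakmp policy 1
 encryption aes
 hash sha
crypto ipsec transform-set MySet esp-3des esp-sha-hmac
 mode tunnel
interface Tunnel0
 ip address 10.0.0.13 255.255.255.252
 tunnel source GigabitEthernet0/0/2
 tunnel destination 172.16.254.14
interface GigabitEthernet0/0/2
 no ip address
 crypto map MyMap
"""

def parse_blocks(config):
    """Map each top-level command to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks

def lint_ipsec(config):
    """Return findings for the pitfalls seen in this thread."""
    blocks, findings = parse_blocks(config), []
    for parent, children in blocks.items():
        if parent.startswith("interface Tunnel"):
            src = [c.split()[-1] for c in children if c.startswith("tunnel source")]
            # An interface-sourced tunnel needs an IP on that interface, or IKE
            # has no local endpoint ("local crypto endpt.: 0.0.0.0" in the show output).
            if src and not src[0][0].isdigit():
                src_cfg = blocks.get(f"interface {src[0]}", [])
                if not any(c.startswith("ip address") for c in src_cfg):
                    findings.append(f"{parent}: tunnel source {src[0]} has no ip address")
        elif parent.startswith("crypto ipsec transform-set"):
            if re.search(r"\b(3des|des|md5)\b", parent):
                findings.append(f"{parent}: legacy cipher or hash in transform set")
        elif parent.startswith("crypto isakmp policy"):
            if any(c in ("hash sha", "hash md5") for c in children):
                findings.append(f"{parent}: IKE hash is SHA-1 or MD5; prefer sha256")
    return findings
```

Running lint_ipsec(R1_CONFIG) reports all three findings; once the source interface gets an address and the policy and transform set move to AES/SHA-256 it reports none.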