
debug site to site vpn

bluesea2010

Hi,

debug crypto isakmp did not generate any log.

Is there any command other than this? I want to run it on a production ASA.

How do I run a debug command without any problem?

Does the "undebug all" command revert debugging?

 

Thanks 


@bluesea2010 

You need to generate interesting traffic (as defined in the crypto ACL) for the VPN to establish and therefore generate debug events. If you still don't see any debug events, is crypto isakmp/ikev1/ikev2 even enabled?

Is logging enabled to the console or vty lines?

 

Yes, "undebug all" turns off debugging.

Hi,

 

crypto map TEST 1 match address Outside_cryptomap
crypto map TEST 1 set pfs group5
crypto map TEST 1 set peer 1.1.1.1
crypto map TEST 1 set ikev2 ipsec-proposal AES-256

crypto map TEST 2 match address Outside_cryptomap_1
crypto map TEST 2 set peer 3.3.3.3
crypto map TEST 2 set pfs group5
crypto map TEST 2 set ikev2 ipsec-proposal AES-256


crypto map TEST 10 match address azure-vpn-acl
crypto map TEST 10 set peer 2.2.2.2
crypto map TEST 10 set ikev1 transform-set azure-ipsec-proposal-set
crypto map TEST 65535 ipsec-isakmp dynamic TEST
crypto map TEST interface Outside

 

tunnel-group 3.3.3.3 ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!

tunnel-group 1.1.1.1 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****

 

crypto ikev2 enable Outside client-services port 443
Do I need to add "crypto ikev2 enable"?


But my TEST 1 is working, and that is also IKEv2.

I have a problem with TEST 2.
The remote side device is not an ASA; it has only one PSK. In that case, what should my "remote-authentication pre-shared-key" and "local-authentication pre-shared-key" be?
I gave the same PSK for both remote and local.

Thanks

@bluesea2010 

If you are using IKEv2 then you will need to use "debug crypto ikev2 protocol 127" and "debug crypto ikev2 platform 127".

 

The pre-shared key needs to be identical, so the remote and local PSK can be the same. Are you sure the other device is using IKEv2 though? You cannot use IKEv1 on one device and IKEv2 on another device and establish a VPN.

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115935-asa-ikev2-debugs.html

 

Turn on those debugs and ensure logging is enabled to display the output.
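As an added example, not part of the reply above or of the poster's configuration, here is how a practitioner would run those IKEv2 debugs on a production ASA without flooding the box: scope them to a single peer with a debug condition, send the output to the logging buffer, and tear everything down afterwards. The interface name "Outside", the peer 3.3.3.3 and the ACL name Outside_cryptomap_1 are taken from the posted config; the hostname "ciscoasa", the SSH session and the ASA 9.x syntax are assumptions.

```text
! Added example: scoping IKEv2 debugs to one peer on a production ASA.
! "Outside", 3.3.3.3 and Outside_cryptomap_1 come from the posted config;
! the hostname and ASA 9.x command syntax are assumptions.

! 1. Confirm the peer is reachable and see whether any SA exists yet
ciscoasa# ping Outside 3.3.3.3
ciscoasa# show crypto ikev2 sa
ciscoasa# show crypto ipsec sa peer 3.3.3.3

! 2. Restrict crypto debug output to this peer so the working tunnels
!    (TEST 1, TEST 10 and the dynamic map) stay quiet
ciscoasa# debug crypto condition peer 3.3.3.3
ciscoasa# show crypto debug-condition

! 3. Keep a copy of the debug output in the logging buffer
!    (logging debug-trace turns debug lines into syslog 711001 messages)
ciscoasa# configure terminal
ciscoasa(config)# logging enable
ciscoasa(config)# logging buffered debugging
ciscoasa(config)# logging debug-trace
ciscoasa(config)# end

! 4. Enable the IKEv2 debugs named in the reply
ciscoasa# debug crypto ikev2 protocol 127
ciscoasa# debug crypto ikev2 platform 127

! 5. From a host behind the ASA, send traffic that matches
!    Outside_cryptomap_1, then read what was captured for this peer
ciscoasa# show logging | include 3.3.3.3

! 6. Always tear the debugs down afterwards and verify nothing is left on
ciscoasa# undebug all
ciscoasa# debug crypto condition reset
ciscoasa# configure terminal
ciscoasa(config)# no logging debug-trace
ciscoasa(config)# end
ciscoasa# show debug
```

The debug condition is what makes this safe on a busy firewall: without it, "debug crypto ikev2 protocol 127" prints every IKEv2 exchange for every peer, including the remote-access users on the dynamic map. Leaving "logging debug-trace" enabled after the session is a common mistake, since it keeps generating 711001 syslogs for any later debug; step 6 removes it.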

 

balaji.bandi

We are not sure: is this a Cisco router or an ASA? What is the device at the other end?

 

1. A common issue we see is a config mismatch.

2. Make sure the configs on both sides match.

3. Make sure the remote end is IP reachable so a connection can be established.

 

Here are some troubleshooting documents:

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html

 

 

BB
