Hallo All ,
I am trying to configure IKEV2 with SVTI but I am facing following error, could you guide me about that.
****************************************************
R4#show crypto ikev2 sa
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf Status
1 192.168.2.4/500 192.168.12.1/500 none/none IN-NEG
Encr: Unknown - 0, Hash: None, DH Grp:0, Auth sign: Unknown - 0, Auth verify: Unknown - 0
Life/Active Time: 86400/0 sec
IPv6 Crypto IKEv2 SA
****************************************************
R1#show crypto ikev2 sa
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf Status
1 192.168.12.1/500 192.168.2.1/500 none/none IN-NEG
Encr: Unknown - 0, Hash: None, DH Grp:0, Auth sign: Unknown - 0, Auth verify: Unknown - 0
Life/Active Time: 86400/0 sec
IPv6 Crypto IKEv2 SA
****************************************************
R1#show running-config | sec crypto
crypto ikev2 proposal IKEv2_PROPOSAL
encryption aes-cbc-256 aes-cbc-192 3des
integrity sha512 sha256 md5
group 14 5 2
crypto ikev2 policy IKEv2_POLICY
match fvrf any
proposal IKEv2_PROPOSAL
crypto ikev2 keyring IKEv2_KEYRING
peer R4
address 192.168.2.1
pre-shared-key local cisco
pre-shared-key remote cisco
!
crypto ikev2 profile IKEv2_PROFILE
match identity remote address 192.168.2.1 255.255.255.255
identity local address 192.168.12.1
authentication remote pre-share
authentication local pre-share
keyring local IKEv2_KEYRING
crypto ikev2 fragmentation mtu 100
crypto ipsec transform-set IPSEC_TRANSFORM1 esp-aes 256 esp-sha512-hmac
mode tunnel
crypto ipsec profile IPSEC_PROFILE
set transform-set IPSEC_TRANSFORM1
set ikev2-profile IKEv2_PROFILE
****************************************************
R4#show running-config | sec crypto
crypto ikev2 proposal IKEv2_PROPOSAL
encryption aes-cbc-256 aes-cbc-192 3des
integrity sha512 sha256 md5
group 14 5 2
crypto ikev2 policy IKEv2_POLICY
match fvrf any
proposal IKEv2_PROPOSAL
crypto ikev2 keyring IKEv2_KEYRING
peer R1
address 192.168.12.1
pre-shared-key local cisco
pre-shared-key remote cisco
!
crypto ikev2 profile IKEv2_PROFILE
match identity remote address 192.168.12.1 255.255.255.255
identity local address 192.168.2.1
authentication remote pre-share
authentication local pre-share
keyring local IKEv2_KEYRING
crypto ikev2 fragmentation mtu 100
crypto ipsec transform-set IPSEC_TRANSFORM1 esp-aes 256 esp-sha512-hmac
mode tunnel
crypto ipsec profile IPSEC_PROFILE
set transform-set IPSEC_TRANSFORM1
set ikev2-profile IKEv2_PROFILE
****************************************************
With Regards.
Waheed