Hello,

I have issue regarding Crypto map VPN between cisco ISR 4433 router and Mikrotik Router..

Issue is that Phase 2 is not up...

Relevant config

crypto isakmp profile IKEV1_PROFILE_CRYPTOMAP
vrf SILK
keyring IKEv1_KEYRING1
match identity address XX.XX.XX.XX 255.255.255.255

crypto keyring IKEv1_KEYRING1 vrf VRF

 pre-shared-key address XX.XX.XX.XX key 

crypto map CRYPTO_VRF 2 ipsec-isakmp
set peer XX.XX.XX.XX
set transform-set ESP-AES256-SHA256
set pfs group14
set isakmp-profile IKEV1_PROFILE_CRYPTOMAP
match address CRYPTOMAP
reverse-route

Below is output of debug crypto ipsec 

May 11 2022 13:50:00.957 TBS: IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) INBOUND local= CISCO_PUBLIC_IP:0, remote= MIKROTIK_PUBLIC_IP:0,
    local_proxy= 10.11.11.11/255.255.255.255/256/0,
    remote_proxy= 10.11.11.15/255.255.255.255/256/0,
    protocol= ESP, transform= esp-aes 256 esp-sha256-hmac  (Tunnel), esn= FALSE,
    lifedur= 0s and 0kb, 
    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
May 11 2022 13:50:00.957 TBS: Crypto mapdb : proxy_match
        src addr     : 10.11.11.11
        dst addr     : 10.11.11.15
        protocol     : 0
        src port     : 0
        dst port     : 0
May 11 2022 13:50:00.958 TBS: Crypto mapdb : proxy_match
        src addr     : 10.11.11.11
        dst addr     : 10.11.11.15
        protocol     : 0
        src port     : 0
        dst port     : 0
May 11 2022 13:50:00.958 TBS: IPSEC(ipsec_process_proposal): peer address MIKROTIK_PUBLIC_IP not found
May 11 2022 13:50:00.959 TBS: IPSEC(crypto_ipsec_validate_proposal_request): duplicate/invalid transform requested: prot 3, trans 13, hmac 5
May 11 2022 13:50:00.960 TBS: IPSEC(crypto_ipsec_validate_proposal_request): duplicate/invalid transform requested: prot 3, trans 13, hmac 5
May 11 2022 13:50:00.961 TBS: IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) INBOUND local= CISCO_PUBLIC_IP:0, remote= MIKROTIK_PUBLIC_IP:0,
    local_proxy= 10.11.11.11/255.255.255.255/256/0,
    remote_proxy= 10.11.11.15/255.255.255.255/256/0,
    protocol= ESP, transform= esp-gcm 256  (Tunnel), esn= FALSE,
    lifedur= 0s and 0kb, 
    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
May 11 2022 13:50:00.961 TBS: Crypto mapdb : proxy_match
        src addr     : 10.11.11.11
        dst addr     : 10.11.11.15
        protocol     : 0
        src port     : 0
        dst port     : 0
May 11 2022 13:50:00.961 TBS: Crypto mapdb : proxy_match
        src addr     : 10.11.11.11
        dst addr     : 10.11.11.15
        protocol     : 0
        src port     : 0
        dst port     : 0
ROUTER#
May 11 2022 13:50:00.961 TBS: IPSEC(ipsec_process_proposal): peer address MIKROTIK_PUBLIC_IP not found
May 11 2022 13:50:00.962 TBS: IPSEC(crypto_ipsec_validate_proposal_request): duplicate/invalid transform requested: prot 3, trans 20, hmac 0