ASA IKEv2 routed based L2L VPN
Supported from 9.7.1 1. Create Phase I policy crypto ikev2 policy 10 encryption aes-256 integrity sha256 group 14 prf sha256 lifetime seconds 86400 2. Enable IKEv2 on outside interface crypto ikev2 enable outside 3. Create Phase II proposal crypto ipsec ikev2 ipsec-proposal AES256-SHA256 protocol esp encryption aes-256 protocol esp integrity sha-256 4. Create ipsec profile crypto ipsec profile P2- AES256-SHA256-G14 set ikev2 ipsec-proposal AES256-SHA256 set pfs group14 5.Create tunnel interface interface Tunnel1 nameif vpn1 ip address 169.254.254.253 255.255.255.252 tunnel source interface outside tunnel destination 203.0.113.2 tunnel mode ipsec ipv4 tunnel protection ipsec profile P2- AES256-SHA256-G14 6. Create tunnel-group tunnel-group 203.0.113.2 type ipsec-l2l tunnel-group 203.0.113.2 ipsec-attributes ikev2 remote-authentication pre-shared-key Cisco123 ikev2 local-authentication pre-shared-key Cisco123 7. Add static route