Hi!

Can someone share IKEV2 configuration for Cisco ASA using IKEV2? I'm having a hard time making it work.

crypto ikev2 enable outside
crypto ikev2 policy 10
encryption aes-256
integrity sha
prf sha256
group 14
lifetime 28800

crypto ipsec ikev2 ipsec-proposal VPN-TRANSFORM
protocol esp encryption aes-256
protocol esp integrity sha

object-group network OBJ-REMOTE-END
network-object 10.1.1.0 255.255.255.0
network-object 10.2.2.0 255.255.255.0

object-group network ONPREM
network-object 10.10.10.0 255.255.255.0

access-list cryptomap_ikev2 extended permit ip object-group ONPREM object-group OBJ-REMOTE-END

tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
ikev2 remote-authentication pre-shared-key ikev2
ikev2 local-authentication pre-shared-key ikev2
isakmp keepalive disable

crypto map outside_map 10 match address cryptomap_ikev2
crypto map outside_map 10 set peer 1.1.1.1
crypto map outside_map 10 set ikev2 ipsec-proposal VPN-TRANSFORM
crypto map outside_map 10 set security-association lifetime seconds 3600

nat (inside,outside) source static ONPREM ONPREM destination static OBJ-REMOTE-END OBJ-REMOTE-END no-proxy-arp route-lookup