
Version 4.1 - 6.6.a FlexVPN

FlexVPN is a new framework for configuring IPsec VPNs with IKE version 2 (IKEv2) on IOS platforms.

FlexVPN and IKEv2 Configuration Guide, IOS 15M&T

FlexVPN and IKEv2 Configuration Guide IOS XE

"FlexVPN is Cisco's implementation of the IKEv2 standard featuring a unified paradigm and CLI that combines site to site, remote access, hub and spoke topologies and partial meshes (spoke to spoke direct). FlexVPN offers a simple but modular framework that extensively uses the tunnel interface paradigm while remaining compatible with legacy VPN implementations using crypto maps."

Here is a FlexVPN site-to-site configuration example:

1. Configure the Internet Key Exchange version 2 (IKEv2) keyring:

crypto ikev2 keyring mykeys
 peer Right-Router
  address 172.20.5.43
  pre-shared-key Cisco123

2. Reconfigure the IKEv2 default profile in order to:

match on the IKE ID
set the authentication methods for local and remote
reference the keyring listed in the previous step

crypto ikev2 profile default
 match identity remote address 172.20.5.43 255.255.255.255
 authentication local pre-share
 authentication remote pre-share
 keyring local mykeys
 dpd 60 2 on-demand

3. Reconfigure the default IPsec profile in order to reference the default IKEv2 profile:

crypto ipsec profile default
 set ikev2-profile default
!
interface Tunnel0
 ip address 10.1.12.100 255.255.255.0
 tunnel source Ethernet0/0
 tunnel destination 172.20.5.43
 tunnel protection ipsec profile default
!

4. Configure the LAN and WAN interfaces:

interface Ethernet0/0
 description WAN
 ip address 172.18.3.52 255.255.255.0
!
interface Ethernet0/1
 description LAN
 ip address 192.168.100.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 172.18.3.1 name route_to_internet


The other router then gets the mirror configuration. This example uses pre-shared key authentication; the config example page also covers PKI tunnel configuration.
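The "mirror" requirement can be checked before the configs are deployed. The Python sketch below is an added example, not part of the original post or of Cisco's guide: it verifies that each side's keyring peer address, IKE identity match and tunnel destination all point at the address behind the other side's tunnel source, and that the pre-shared keys agree. The right-router text is an assumption (the page's left-router lines with the two WAN addresses swapped), `facts` and `check_pair` are hypothetical helper names, and the tunnel source is assumed to be an interface name as on this page.

```python
# Constructed input: the left router's peer-related lines from this page.
LEFT = """\
crypto ikev2 keyring mykeys
 peer Right-Router
  address 172.20.5.43
  pre-shared-key Cisco123
crypto ikev2 profile default
 match identity remote address 172.20.5.43 255.255.255.255
interface Tunnel0
 tunnel source Ethernet0/0
 tunnel destination 172.20.5.43
interface Ethernet0/0
 ip address 172.18.3.52 255.255.255.0
"""
# Assumed right-router config: same lines with the two WAN addresses swapped.
RIGHT = (LEFT.replace("172.20.5.43", "@").replace("172.18.3.52", "172.20.5.43")
         .replace("@", "172.18.3.52").replace("Right-Router", "Left-Router"))

# Command prefix -> name of the value that follows it.
FIELDS = {("address",): "peer", ("pre-shared-key",): "psk",
          ("match", "identity", "remote", "address"): "match",
          ("tunnel", "source"): "src_if", ("tunnel", "destination"): "dest"}

def facts(cfg):
    """Pull out the values that must line up between the two peers."""
    f, ips, iface = {}, {}, None
    for w in (tuple(line.split()) for line in cfg.splitlines()):
        if w[:1] == ("interface",):
            iface = w[1]
        elif w[:2] == ("ip", "address"):
            ips[iface] = w[2]
        for prefix, name in FIELDS.items():
            if w[:len(prefix)] == prefix and len(w) > len(prefix):
                f[name] = w[len(prefix)]
    f["local"] = ips.get(f.get("src_if"))  # address behind "tunnel source"
    return f

def check_pair(a, b):
    """Return mismatches between two peers' configs; never echoes the key."""
    fa, fb = facts(a), facts(b)
    problems = []
    for name, me, other in (("A", fa, fb), ("B", fb, fa)):
        for key in ("peer", "match", "dest"):
            if me.get(key) != other.get("local"):
                problems.append(f"{name}: {key} {me.get(key)} != peer WAN {other.get('local')}")
    if fa.get("psk") != fb.get("psk"):
        problems.append("pre-shared keys differ")
    return problems
```

An empty list from `check_pair(LEFT, RIGHT)` means the two sides agree; any entry names the side and the setting that would keep the IKEv2 SA from coming up.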
