Router> show ike policy IKEv2 IKE policy: IKEv2 IKD_ID: 5 negotiation mode: main proposal: 1 encryption: aes256 authentication: sha256 SA lifetime: 86400 key group: group14 NAT traversal: yes dead peer detection: yes my address: wan type: interface secure gateway address: 1 address: 0.0.0.0 secure gateway address: 2 address: 0.0.0.0 fall back: deactivate fall back check interval: 300 authentication method: rsa-sig pre-shared key: certificate: myown.domain.tld local ID: myown.domain.tld type: fqdn peer ID: type: any user ID: type: X-Auth: no type: method: allowed user: username: password: EAP-Auth: yes type: server aaa method: default allowed user: vpn-users allowed auth method: mschapv2 username: auth method: mschapv2 password: VPN connection: IKEv2 vcp reference count: 0 IKE_version: IKEv2 active: yes Router> show crypto map IKEv2 cryptography mapping: IKEv2 VPN gateway: IKEv2 Gateway IP Version: IPv4 encapsulation: tunnel active protocol: esp transform set: 1 encryption: aes256 authentication: sha256 SA lifetime: 86400 PFS: none nail up: no scenario: remote-access-server l2tp: no local policy: LAN1_SUBNET remote policy: any protocol type: any configuration provide: mode config: no configuration payload: yes address pool: L2TP_Pool first dns: 192.168.11.1 second dns: first wins: second wins: policy enforcement: no replay detection: no narrowed: yes adjust mss: yes mss value: 0 stop rekeying: no NetBIOS broadcast over IPSec: no outbound SNAT: no source: destination: target: inbound SNAT: no source: destination: target: inbound DNAT: no vcp reference count: 0 active: yes VTI: VPN ID: 3 connected: yes connectivity check: no check method: none IP address: none period: none timeout: none fail tolerance: none port: none log: no rule type: 4in4