CORRECT TEXT
You must use the IKE2 configuration blocks to accomplish this task.
Answer: See the explanation.
Explanation:
Here are the steps as below:
Step 1: configure key ring
crypto ikev2 keyring mykeys
peer SiteB.cisco.com
address 209.161.201.1
pre-shared-key local $iteA
pre-shared key remote $iteB
Step 2: Configure IKEv2 profile
Crypto ikev2 profile default
identity local fqdn SiteA.cisco.com
Match identity remote fqdn SiteB.cisco.com
Authentication local pre-share
Authentication remote pre-share
Keyring local mykeys
Step 3: Create the GRE Tunnel and apply profile
crypto ipsec profile default
set ikev2-profile default
Interface tunnel 0
ip address 10.1.1.1 255.255.255.0
Tunnel source eth 0/0
Tunnel destination 209.165.201.1
tunnel protection ipsec profile default
end
Proposal configuration is missed in the answer. I mean proposal configuration is needed since we are asked to configure IKEv2 proposal and make sure the tunnel will use the following parameters:
Encryption Algorithm: AES128
Integrity Algorithm: SHA1
Diffie-Hellman group: 5
In this case, smart defaults cannot make sure both routers will agree with the above parameters since both routers will try to agree with the strongest algorithm in this case AES-CBC-256
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-mt/sec-flex-vpn-15-mt-book/sec-cfg-ikev2-flex.html#GUID-F936D366-EEE2-4016-A8CA-DE4EF6C1B205
0
0
crypto ikev2 proposal default
encryption aes-cbc-128
integrity sha1
group 5
0
0