crypto keyring ENCC-AWS-KEY01
 pre-shared-key address key
!
crypto keyring ENCC-AWS-KEY02
 pre-shared-key address key
crypto ikev2 keyring AWS_S2S_VPN
 peer _AWS01
  address
  pre-shared-key local
  pre-shared-key remote
 !
 peer _AWS02
  address
  pre-shared-key local
  pre-shared-key remote
crypto ikev2 fragmentation mtu 1200
!
crypto ipsec transform-set ENCC-IPSEC-VPN esp-gcm 256
 mode transport
!
crypto ikev2 proposal ENCC-AWS-IKE-PROPOSAL
 encryption aes-gcm-256
 prf sha512
 group 20
!
crypto ikev2 policy ENCC-AWS-POLICY
 proposal ENCC-AWS-IKE-PROPOSAL
!
crypto ikev2 profile ENCC-AWS-IKE-PROFILE
 match identity remote address 255.255.255.255
 match identity remote address 255.255.255.255
 identity local address
 authentication local pre-share
 authentication remote pre-share
 keyring local AWS_S2S_VPN
 dpd 10 2 on-demand
!
!
crypto ipsec profile ENCC-AWS-IPSEC-PROFILE
 set transform-set ENCC-IPSEC-VPN
 set pfs group20
 set ikev2-profile ENCC-AWS-IKE-PROFILE
interface tunnel 1
 desc TO AWS1
 ip address 255.255.255.252
 tunnel protection ipsec profile ENCC-AWS-IPSEC-PROFILE
 tunnel source
 tunnel mode ipsec ipv4
 tunnel destination
 ip mtu 1400
 ip tcp adjust-mss 1360
!
interface tunnel 2
 desc TO AWS2
 ip address 255.255.255.252
 tunnel protection ipsec profile ENCC-AWS-IPSEC-PROFILE
 tunnel source
 tunnel mode ipsec ipv4
 tunnel destination
 ip mtu 1400
 ip tcp adjust-mss 1360
ip route
ip route