...
The first step is to configure the required interfaces, establish the layer-3 reachability between IPSec tunnel source and destination. Configure the tunnel interface with encapsulation type, specify the tunnel source/remote IP
Configure IPSec parameters for ESP-group and IKE-group with “encryption” and “hash” protocol along with IKE version type to be used
Configure IPSec site-to-site configuration with local and remote peer IP, authentication mode/pre-shared-key, tunnel interface with local/remote prefix for the intended data traffic
Verify the IPSec and IKE tunnel is UP using show commands
Send end-to-end traffic, validate flows are getting encrypted/decrypted at tunnel source/destination end respectively
...