Should those attributes (encryption, integrity, DH group, PFS group and lifetime.) be the same on both sites? What happened if they are different? Will exchange of SA fail and no site-to-site VPN in the end?
When implementing the IKEv2 proposal, you must implement the following for it to be considered complete:
at least one encryption algorithm
at least one integrity algorithm
at least one DH group
For each of these, you can configure multiple types. For example, you can configure encryption like so:
ASA1(config-ikev2-policy)# encryption aes 3des
The ASA will attempt to negotiate the encryption method in the priority order that you place the commands. The two ASAs must agree on the encryption method in order for an SA to form.
The same is true about the group. You can configure it like so:
ASA1(config-ikev2-policy)# group 2 5
Where group 2 will be attempted first, and if it fails, group 5 will be tried.
The prf sha command is essentially the same as the integrity algorithm.
So to answer your question, the pair of ASAs will attempt to find the same encryption, integrity, and group numbers in order to successfully create an SA. Otherwise it will fail.
However, for IKEv2, the lifetime values can be different, since lifetimes are not negotiated, in contrary to IKEv1.
Take a look at this Cisco documentation for more information.
The following Cisco documentation details some debugs that can be used for debugging IKEv2.
As stated in the document, keep in mind that:
The packet exchange process that is used in IKEv2 is radically different from that used in IKEv1. With IKEv1, there is a clearly demarcated phase1 exchange that consists of six packets followed by a phase 2 exchange that consists of three packets. The IKEv2 exchange is variable.
Another useful document that will help you further is the following:
Inform us of how you get along and if you need any more specific information, feel free to let us know!