Hello Ravi
FlexVPN tunnel interfaces typically use GRE over IPsec. This means the router first encapsulates packets in a GRE header, then encrypts them with IPsec.
When you specify `tunnel mode ipsec ipv4` without GRE, the tunnel becomes a pure IPsec interface, or a VTI. FlexVPN supports this configuration mode and can indeed function using IKEv2 routing as well, but you need to make some additional changes.
You must use a transform set ACL or Crypto Map ACL that permits traffic. Even though you’re using a profile (and not classic crypto maps), IPsec still requires a match for interesting traffic. Right now, your `crypto ipsec profile default` has no explicit transform-set ACL. So consider configuring an explicit transform set and ACL. For more info, take a look at this lesson.
Once that’s done and the tunnel is up, try pinging the tunnel interfaces. If that fails, traffic is likely not being encrypted properly. Some additional troubleshooting commands you can use include `show crypto ikev2 sa` and `show crypto ipsec sa`.
Let us know how you get along!!
I hope this has been helpful!
Laz