while struggling converting an old working configuration from a NSA 3500 over to a NSa 2650 I experienced that SonicOS is handling IKEv2 a bit different than before. The tunnel never comes up and the Mikrotik was complaing about not finding a peer for the provided IKE ID. Which is odd, because the new SNWL was configured exactly the same like before.
To get the tunnel working again I needed to configure the PRF Algorithm on the Mikrotik side:
It was related to the PRF Algorithm which isn't configurable on the SNWL side. AFAIK it has to be the same as configured for Authentication in the SNWL VPN Profile.
Cisco does it in a similar fashion according to this.
Hope this helps if someone else falls into this trap.