I am trying to configure a VPN to a partner company with a watchguard firewall.
I am running a 5540 ASA version 7.2.
It's a pre-shared key config, and passes phase 1. I don't get any debug entries after that and no errors.
A show crypto isakmp sa gives the following:
19 IKE Peer: 64.xxx.xxx.xxx
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
But a show crypto ipsec doesn't have it listed anywhere.
My crypo config is as follows:
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 100 match address outside_xxxxx_cryptomap
crypto map outside_map 100 set peer 64.xxx.xxx.xxx
crypto map outside_map 100 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
crypto isakmp policy 30
crypto isakmp policy 40
crypto isakmp nat-traversal 20
My tunnel config is as follows:
tunnel-group 64.xxx.xxx.xxx type ipsec-l2l
tunnel-group 64.xxx.xxx.xxx ipsec-attributes
isakmp keepalive disable