I am trying to configure a VPN to a partner company with a watchguard firewall.

I am running a 5540 ASA version 7.2.

It's a pre-shared key config, and passes phase 1. I don't get any debug entries after that and no errors.

A show crypto isakmp sa gives the following:

19 IKE Peer: 64.xxx.xxx.xxx

Type : L2L Role : responder

Rekey : no State : MM_ACTIVE

But a show crypto ipsec doesn't have it listed anywhere.

My crypo config is as follows:

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto map outside_map 100 match address outside_xxxxx_cryptomap

crypto map outside_map 100 set peer 64.xxx.xxx.xxx

crypto map outside_map 100 set transform-set ESP-3DES-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

crypto isakmp identity address

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 40

authentication pre-share

encryption 3des

hash md5

group 1

lifetime 86400

crypto isakmp nat-traversal 20

My tunnel config is as follows:

tunnel-group 64.xxx.xxx.xxx type ipsec-l2l

tunnel-group 64.xxx.xxx.xxx ipsec-attributes

pre-shared-key *

peer-id-validate nocheck

isakmp keepalive disable