If an ASA (acting as one end peer) is used with a non-Cisco product (Check Point, Juniper, Microsoft server) for IPsec purposes, should the ASA be configured to allow any specific rules, like allowing UDP port AH, ESP from that remote end on the outside?
Thanks in advance.
Well, phase 2 policy is completely different between the 2 ends.
Assuming that crypto map 50 is assigned transform-set QWERT, the policy does not match at all.
Your end: 3DES and MD5
The peer end: 3DES, SHA1 and PFS group 2
You can create a new transform-set that has the following:
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
Then assign this transform-set to crypto map 50:
crypto map kepp 50 set transform-set 3DES-SHA
crypto map kepp 50 set pfs group2
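
An added example (not part of the original thread): a Python check that resolves the phase 2 settings of crypto map kepp 50 from ASA configuration text and compares them with the peer's proposal as stated in the answer. The sample configuration, including the ACL name and peer address, is constructed for illustration.

```python
import re

# Constructed sample: the ASA side as the answer describes it (3DES + MD5, no PFS).
ASA_CONFIG = """\
crypto ipsec transform-set QWERT esp-3des esp-md5-hmac
crypto map kepp 50 match address VPN-ACL
crypto map kepp 50 set peer 192.0.2.10
crypto map kepp 50 set transform-set QWERT
"""

# The same configuration after entering the commands suggested in the answer.
# The parser below keeps the last "set transform-set" line seen for the entry.
FIXED_CONFIG = ASA_CONFIG + """\
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto map kepp 50 set transform-set 3DES-SHA
crypto map kepp 50 set pfs group2
"""

# Peer proposal as stated in the answer: 3DES, SHA1 and PFS group 2.
PEER = {"encryption": "3des", "integrity": "sha1", "pfs": "group2"}

ENC = {"esp-des": "des", "esp-3des": "3des", "esp-aes": "aes128",
       "esp-aes-192": "aes192", "esp-aes-256": "aes256"}
INTEG = {"esp-md5-hmac": "md5", "esp-sha-hmac": "sha1"}


def phase2_policy(config, map_name, seq):
    """Resolve encryption, integrity and PFS for one crypto map entry."""
    tsets, ts_name, pfs = {}, None, None
    prefix = rf"crypto map {re.escape(map_name)} {seq} set "
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"crypto ipsec (?:ikev1 )?transform-set (\S+) (.+)", line):
            tsets[m.group(1)] = m.group(2).split()
        elif m := re.match(prefix + r"transform-set (\S+)", line):
            ts_name = m.group(1)
        elif m := re.match(prefix + r"pfs (\S+)", line):
            pfs = m.group(1)
    words = tsets.get(ts_name, [])
    return {"encryption": next((ENC[w] for w in words if w in ENC), None),
            "integrity": next((INTEG[w] for w in words if w in INTEG), None),
            "pfs": pfs}


def mismatches(local, peer):
    """Return {attribute: (local, peer)} for every phase 2 value that differs."""
    return {k: (local.get(k), v) for k, v in peer.items() if local.get(k) != v}
```
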