Hello Suren,
I see. Please attach either the show tech of the ASA, indicating which crypto map is for the WatchGuard, or just copy and paste the crypto map configuration for this site-to-site tunnel.
Either way, I have worked on cases like this one, and sometimes the issue is related to phase 2 or because the WatchGuard device works in "aggressive mode", but I'd rather analyze what the problem is here. I am going to attach an example of a site-to-site configuration for the ASA:
Phase 1:
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp enable outside
tunnel-group 20.20.20.1 type ipsec-l2l
tunnel-group 20.20.20.1 ipsec-attributes
 pre-shared-key cisco123
Phase 2:
access-list 100 permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto ipsec transform-set mytrans esp-3des esp-sha-hmac
! 20.20.20.1 is the WatchGuard outside IP address
crypto map mymap 20 set peer 20.20.20.1
crypto map mymap 20 match address 100
crypto map mymap 20 set transform-set mytrans
crypto map mymap interface outside
Pre NAT 8.3:
access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
NAT 8.3:
object network obj-172.16.1.0
 subnet 172.16.1.0 255.255.255.0
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
nat (inside,outside) 1 source static obj-172.16.1.0 obj-172.16.1.0 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp route-lookup
--------------------------------------------------------------------------------------------------------------------------
Also attach the show crypto isakmp sa output.
I will wait for an update on this.
Best Regards,
David Castro
Cisco TAC Support Engineer, Team VPN
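
Before pasting a crypto map for review, it helps to confirm that every crypto map entry points at an ACL, transform set and L2L tunnel-group that actually exist, since a dangling reference looks like a phase 2 failure. The script below is an added example, not part of the post above and not a Cisco tool; `lint` and `SAMPLE` are hypothetical names, and the sample is abridged from the configuration in the post. It also flags 3DES and DH groups 1, 2 and 5 as legacy algorithms.

```python
import re

# Constructed sample: abridged from the Phase 1 / Phase 2 lines in the post.
SAMPLE = """
crypto isakmp policy 10
 encryption 3des
 group 2
tunnel-group 20.20.20.1 type ipsec-l2l
tunnel-group 20.20.20.1 ipsec-attributes
 pre-shared-key cisco123
access-list 100 permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto ipsec transform-set mytrans esp-3des esp-sha-hmac
crypto map mymap 20 set peer 20.20.20.1
crypto map mymap 20 match address 100
crypto map mymap 20 set transform-set mytrans
crypto map mymap interface outside
"""

def lint(config):
    """Return findings: broken crypto-map references first, then legacy crypto."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    def names(pattern):  # first capture group of every line that matches
        return {m[1] for l in lines if (m := re.match(pattern, l))}
    have = {  # crypto map sub-command -> names that sub-command may refer to
        "match address": names(r"access-list (\S+) "),
        "set transform-set": names(r"crypto ipsec transform-set (\S+) "),
        "set peer": names(r"tunnel-group (\S+) type ipsec-l2l$"),
    }
    bound = names(r"crypto map (\S+) interface \S+$")
    entries = {}
    for l in lines:
        m = re.match(r"crypto map (\S+) (\d+) (set peer|match address|set transform-set) (\S+)", l)
        if m:
            entries.setdefault((m[1], m[2]), {})[m[3]] = m[4]
    out = []
    for (name, seq), entry in sorted(entries.items()):
        for key, defined in have.items():
            if key not in entry:
                out.append(f"crypto map {name} {seq}: no '{key}' line")
            elif entry[key] not in defined:
                out.append(f"crypto map {name} {seq}: '{key} {entry[key]}' has no matching definition")
        if name not in bound:
            out.append(f"crypto map {name}: not applied to an interface")
    for l in lines:
        if re.search(r"\b3des\b|^group [125]$", l):
            out.append(f"legacy crypto: {l}")
    return out
```

Run `lint()` over the section of `show running-config` you plan to attach; an empty list means the references are consistent and no legacy algorithm was matched.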