Hello Suren,

I see, please attach, either the show tech of the ASA and indicate which the crypto map is for the Watchguard, or just copy and paste the crypto map configuration for this site to site.

Either ways, I have worked on cases like these one, and sometimes the issue is related to phase 2 or because the Watchguard device work on "agressive mode", but I´d rather analyze what the problem is here. I am going to attach an example of site to site configuration for ASA:

Phase 1:

crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400

crypto isakmp enable outside

tunnel-group 20.20.20.1 type ipsec-l2l
tunnel-group 20.20.20.1 ipsec-attributes
  pre-shared-key cisco123

Phase 2:

access-list 100 permit ip  172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0 
crypto ipsec transform-set mytrans esp-3des esp-sha-hmac

crypto map mymap 20 set peer 20.20.20.1 --> watchguard Outside IP address
crypto map mymap 20 match address 100
crypto map mymap 20 set transform-set mytrans

crypto map mymap interface outside

Pre NAT 8.3:

access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0 
nat (inside) 0 access-list nonat

NAT 8.3:

object network obj-172.16.1.0

subnet 172.16.1.0 255.255.255.0

object network obj-192.168.1.0

subnet  192.168.1.0 255.255.255.0

nat (inside,outside) 1 source static obj-172.16.1.0 obj-172.16.1.0 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp route-lookup

--------------------------------------------------------------------------------------------------------------------------

Also attach the --> show crypto isakmp sa 

I will wait for an update on this

Best Regards,

David Castro

Cisco TAC Support Engineer, Team VPN