Thanks for this... it helped me get headed in the right direction. First I had to enable the IKE-ESP ALG, but this alone did not get things working even though my policy was set to match any application. Next I had to create the custom applications and replace the "any" in my policy with these:
set applications application custom-ike-alg application-protocol ike-esp-nat
set applications application custom-ike-alg protocol udp
set applications application custom-ike-alg source-port 500
set applications application custom-ike-alg destination-port 500
set applications application custom-ike-nat protocol udp
set applications application custom-ike-nat source-port 4500
set applications application custom-ike-nat destination-port 4500
Phone is now connecting.
Thanks!