Lane
05-14-2009, 09:11 PM

I believe I've found the problem. When logging into the ACC (192.168.0.2) and looking at the Packet Filter log I see several entries for:

2009:05:14-19:13:19 HOSTNAME ulogd[3146]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth0" outitf="eth0" dstmac="xx:xx:xx:xx:xx:xx" srcmac="00:00:00:00:00:00" srcip="yyy.yyy.yyy.yyy" dstip="192.168.0.2" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="40092" dstport="4433" tcpflags="SYN"

I double-checked and I have the settings under gateway management to allow "Any" for the networks both for access control and device security. The ACC WebAdmin doesn't have anywhere where I can set up a rule to accept these packets. Do I have to SSH and add the entry manually?

***UPDATE***

I've switched the "Allowed Networks" in the Device Security tab of the ACC to the individual hosts instead of "Any". I am not getting any blocked packets in the packet filter on the ACC. I believe the entries in the packet filter mentioned above were from when I was changing the Allowed Hosts. So I still do not know what the problem is. Help?


***UPDATE AGAIN***

Problem Solved

After some troubleshooting with Wireshark I could see that the ACC was receiving the SYN packets from the remote ASG but no ACK packets were being sent back. Tried to ping the remote ASG from the ACC, no response.

Here's what I did wrong:

On my ACC I had configured the internal interface with the IP address 192.168.0.2, subnet 255.255.255.0, and a gateway of 192.168.0.1. The problem was I didn't have a check in the box for Default Gateway. Once that was checked everything worked fine. That's embarrassing.

Last edited by Lane; 05-15-2009 at 12:12 AM.
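
An added example, not part of Lane's post: a small parser for packet filter log lines in the format quoted above, which counts dropped TCP SYNs per source/destination/port and records when each was last seen, so drops can be dated against a configuration change. The sample lines are constructed (192.0.2.10 is a documentation address), and the function names are hypothetical.

```python
import re
from collections import Counter

# Line prefix as in the quoted entry: timestamp, hostname, process[pid]:
PREFIX_RE = re.compile(r'^(\S+)\s+(\S+)\s+\w+\[\d+\]:\s')
# The rest of the line is a run of key="value" pairs
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it is malformed."""
    m = PREFIX_RE.match(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(line[m.end():]))
    rec["timestamp"], rec["host"] = m.group(1), m.group(2)
    return rec

def dropped_syns(lines, dstport=None):
    """Count dropped TCP SYNs per (srcip, dstip, dstport) with the latest timestamp."""
    counts, last_seen = Counter(), {}
    for line in lines:
        rec = parse_line(line)
        if not rec or rec.get("action") != "drop":
            continue
        # proto 6 is TCP; only bare SYNs indicate refused connection attempts
        if rec.get("proto") != "6" or rec.get("tcpflags") != "SYN":
            continue
        if dstport is not None and rec.get("dstport") != str(dstport):
            continue
        key = (rec.get("srcip"), rec.get("dstip"), rec.get("dstport"))
        counts[key] += 1
        # The YYYY:MM:DD-HH:MM:SS layout sorts correctly as a plain string
        last_seen[key] = max(last_seen.get(key, ""), rec["timestamp"])
    return counts, last_seen

# Constructed sample input modelled on the entry in the post
COMMON = 'id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0"'
SAMPLE = [
    f'2009:05:14-19:13:19 HOSTNAME ulogd[3146]: {COMMON} srcip="192.0.2.10" dstip="192.168.0.2" proto="6" srcport="40092" dstport="4433" tcpflags="SYN"',
    f'2009:05:14-19:13:22 HOSTNAME ulogd[3146]: {COMMON} srcip="192.0.2.10" dstip="192.168.0.2" proto="6" srcport="40093" dstport="4433" tcpflags="SYN"',
    f'2009:05:14-19:14:01 HOSTNAME ulogd[3146]: {COMMON} srcip="192.0.2.10" dstip="192.168.0.2" proto="17" srcport="5353" dstport="53"',
    'truncated or unrelated line',
]

if __name__ == "__main__":
    counts, last_seen = dropped_syns(SAMPLE, dstport=4433)
    for key, n in counts.items():
        print(key, n, "last seen", last_seen[key])
```

If the last-seen time for a flow is earlier than the settings change, the drops are leftovers from before it and the packet filter is not what is blocking the connection now.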