First step to verify :

is the public IP you using to tunnel peer reachable ?

both the FW FTD and other side internet facing and reachable

- is the agreed config both the side matches ?

check below guide :

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/215470-site-to-site-vpn-configuration-on-ftd-ma.html

I got phase 1 connected, but not phase 2. I have the configuration as follows. I can't see a missmatch. 

The FTD shows the following:

> show crypto ikev2 sa detail

IKEv2 SAs:

Session-id:6, Status:UP-IDLE, IKE count:1, CHILD count:0

Tunnel-id Local Remote Status Role
843825709 199.59.217.8/4500 166.137.148.169/39763 READY RESPONDER
Encr: AES-CBC, keysize: 256, Hash: SHA256, DH Grp:14, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/6494 sec
Session-id: 6
Status Description: Negotiation done
Local spi: F83AE1FE9C636591 Remote spi: 6121AC8923B4782A
Local id: 199.59.217.8
Remote id: 166.137.171.22
Local req mess id: 0 Remote req mess id: 780
Local next mess id: 0 Remote next mess id: 780
Local req queued: 0 Remote req queued: 780
Local window: 1 Remote window: 1
DPD configured for 10 seconds, retry 2
NAT-T is detected outside
IKEv2 Fragmentation Configured MTU: 576 bytes, Overhead: 28 bytes, Effective MTU: 548 bytes
Parent SA Extended Status:
Delete in progress: FALSE
Marked for delete: FALSE
Error code: Failed to find a matching policy

Error code: Failed to find a matching policy

run the debug using below guide on FTD,  (third-party VPN device -what is the other device ?)

https://www.cisco.com/c/en/us/td/docs/security/firepower/621/configuration/guide/fpmc-config-guide-v621/firepower_threat_defense_vpn_troubleshooting.html

PFS need to enable for Phase2 of IKEv2, this will build the child SA for connection.