Site to Site VPN between ASA and Sonicwall NSA no proposal chosen

adamabel
Level 1

Hello, I'm trying to fix an issue I'm seeing between an ASA and a SonicWall NSA. Both sides are reporting "no proposal chosen" and I believe the issue is a mismatch between the local and remote networks that are accessible.

On the SonicWall I have the following networks set up for IPsec L2L access:

sonicwall
remote
172.16.20.0/24
172.20.1.0/24
10.0.3.6/32
10.0.4.0/24
10.0.6.10/32

local
10.112.0.0/24
172.17.190.0/24
172.16.201.0/24
172.16.204.0/24
172.17.245.0/24
172.17.246.0/24
172.16.249.0/24
10.51.0.0/16
10.70.0.0/24
10.70.1.0/24
172.16.106.0/24
10.80.0.0/24

On the ASA I'm using an ACL for the crypto map match address line, and here is the list:

access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 10.112.0.0 255.255.255.0
access-list acl--vpn extended permit ip 172.20.1.0 255.255.255.0 10.112.0.0 255.255.255.0
access-list acl--vpn extended permit ip 10.0.4.0 255.255.255.0 10.112.0.0 255.255.255.0
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 10.51.0.0 255.255.0.0
access-list acl--vpn extended permit ip 172.20.1.0 255.255.255.0 10.51.0.0 255.255.0.0
access-list acl--vpn extended permit ip 10.0.4.0 255.255.255.0 10.51.0.0 255.255.0.0
access-list acl--vpn extended permit ip host 10.0.3.6 10.51.0.0 255.255.0.0
access-list acl--vpn extended permit tcp host 10.0.3.6 10.51.0.0 255.255.0.0 eq 1001
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 10.70.0.0 255.255.255.0
access-list acl--vpn extended permit ip 10.0.3.0 255.255.255.0 172.16.204.0 255.255.255.0
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 172.16.204.0 255.255.255.0
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 172.16.249.0 255.255.255.0
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 172.17.245.0 255.255.255.0
access-list acl--vpn extended permit ip 172.20.1.0 255.255.255.0 10.70.0.0 255.255.255.0
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 10.70.1.0 255.255.255.0
access-list acl--vpn extended permit ip 172.20.1.0 255.255.255.0 10.70.1.0 255.255.255.0
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 10.80.0.0 255.255.255.0
access-list acl--vpn extended permit ip 172.20.1.0 255.255.255.0 10.80.0.0 255.255.255.0
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 172.16.106.0 255.255.255.0
access-list acl--vpn extended permit ip 172.20.1.0 255.255.255.0 172.16.201.0 255.255.255.0
access-list acl--vpn extended permit ip 172.20.1.0 255.255.255.0 172.16.106.0 255.255.255.0
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 172.17.246.0 255.255.255.0
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 172.17.190.0 255.255.255.0
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 172.16.201.0 255.255.255.0

Now I know it's missing some stuff because, unfortunately, the SonicWall was moved in a rush and some re-IPing occurred out there that was not updated on the ASA side. But what I'm wondering is this: since the SonicWall remote and local lists mean that all remote networks to the SonicWall can access all of the local ones, will I need to build on the ASA an ACL that has rules for each local network to reach each remote network in a 1:1 fashion?

For example, I think I would need to create rules to permit 10.0.4.0/24 to:

10.112.0.0/24
172.17.190.0/24
172.16.201.0/24
172.16.204.0/24
172.17.245.0/24
172.17.246.0/24
172.16.249.0/24
10.51.0.0/16
10.70.0.0/24
10.70.1.0/24
172.16.106.0/24
10.80.0.0/24

So 11 ACL lines just for the 10.0.4.0/24 network, and the same for all the local ASA networks.

Or, alternatively, create an object for all the local networks on the ASA and an object for all the remote networks, and make an ACL: access-list acl--vpn extended permit network-group remote network-group local
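To check the mismatch the poster suspects, here is an added example (not from the post or from either vendor) that expands the SonicWall local/remote lists into the full (remote, local) mesh the SonicWall can propose as Phase 2 proxy IDs and lists every pair that no ACE in the ASA crypto ACL matches exactly; it also emits the object-group form the question asks about. The ACL excerpt and SonicWall lists are constructed subsets of the ones in the post, and the group names VPN-LOCAL and VPN-REMOTE are assumptions.

```python
import ipaddress
import re
from itertools import product

# Constructed excerpt: a handful of the poster's crypto-map ACEs, not the full list.
ASA_ACL = """
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 10.112.0.0 255.255.255.0
access-list acl--vpn extended permit ip 10.0.4.0 255.255.255.0 10.112.0.0 255.255.255.0
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 10.51.0.0 255.255.0.0
access-list acl--vpn extended permit ip 10.0.4.0 255.255.255.0 10.51.0.0 255.255.0.0
access-list acl--vpn extended permit ip host 10.0.3.6 10.51.0.0 255.255.0.0
access-list acl--vpn extended permit tcp host 10.0.3.6 10.51.0.0 255.255.0.0 eq 1001
access-list acl--vpn extended permit ip 172.16.20.0 255.255.255.0 10.70.0.0 255.255.255.0
"""
# Constructed subset of the SonicWall lists. SonicWall "remote" = ASA-side source,
# SonicWall "local" = ASA-side destination in the crypto ACL.
SW_REMOTE = ["172.16.20.0/24", "10.0.4.0/24", "10.0.3.6/32", "10.0.6.10/32"]
SW_LOCAL = ["10.112.0.0/24", "10.51.0.0/16", "10.70.0.0/24"]

def parse_ace(line):
    """Return the (source, destination) networks of one crypto-map ACE, else None."""
    m = re.match(r"access-list \S+ extended permit \S+ (.*)", line.strip())
    if not m:
        return None
    toks, nets = m.group(1).split(), []
    while len(nets) < 2:
        if toks[0] == "host":  # "host A.B.C.D" is a /32 proxy ID
            nets.append(ipaddress.ip_network(toks[1])); toks = toks[2:]
        else:                  # "A.B.C.D M.M.M.M" network plus dotted mask
            nets.append(ipaddress.ip_network(f"{toks[0]}/{toks[1]}")); toks = toks[2:]
    return tuple(nets)         # a trailing port qualifier such as "eq 1001" is ignored

def missing_pairs(acl_text, sw_remote, sw_local):
    """Full-mesh (remote, local) pairs the SonicWall can propose that no ASA ACE matches."""
    aces = {p for p in map(parse_ace, acl_text.splitlines()) if p}
    mesh = {(ipaddress.ip_network(r), ipaddress.ip_network(l))
            for r, l in product(sw_remote, sw_local)}
    return sorted(f"{r} -> {l}" for r, l in mesh - aces)

def object_group_acl(sw_remote, sw_local, acl="acl--vpn"):
    """The object-group form raised in the question: one ACE covering the whole mesh (group names assumed)."""
    def group(name, nets):
        body = [f" network-object host {n.network_address}" if n.prefixlen == 32
                else f" network-object {n.network_address} {n.netmask}"
                for n in map(ipaddress.ip_network, nets)]
        return [f"object-group network {name}", *body]
    ace = f"access-list {acl} extended permit ip object-group VPN-LOCAL object-group VPN-REMOTE"
    return "\n".join(group("VPN-LOCAL", sw_remote) + group("VPN-REMOTE", sw_local) + [ace])
```

Every pair printed by missing_pairs is a selector the SonicWall may offer that the ASA has no matching ACE for, which is exactly the Phase 2 condition that produces "no proposal chosen" on both peers.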

1 Reply

Francesco Molino
VIP Alumni
Hi

I would use objects for local and remote and then use these objects in an acl.
Have you run some debugs to verify why the VPN isn't coming up?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question