hello, i have one issue about site-to-site VPN 

phase 1 works fine, x.x.x.x x.x.x.x QM_IDLE 1006 ACTIVE

there is problem in phase 2, everything matches, include ACL, phase1 and 2 proposals

every tunnel with ipsec works fine, the problem is with crypto maps

here is "debug crypto ipsec" output

(key eng. msg.) OUTBOUND local= x.x.x.x:500, remote= x.x.x.x:500,
local_proxy= x.x.x.x/255.255.255.0/256/0,
remote_proxy= x.x.x.x/255.255.255.255/256/0,
protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel),
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Jul 15 12:46:32.988: IPSEC(validate_proposal_request): proposal part #1
*Jul 15 12:46:32.988: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= x.x.x.x:0, remote= x.x.x.x:0,
local_proxy= x.x.x.x/255.255.255.0/256/0,
remote_proxy= x.x.x.x/255.255.255.255/256/0,
protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Jul 15 12:46:32.988: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes esp-sha-hmac }

here is "show crypto ipsec sa" output

local ident (addr/mask/prot/port): (x.x.x.x/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (x.x.x.x/255.255.255.255/0/0)
current_peer x.x.x.x port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 40, #recv errors 0

local crypto endpt.: x.x.x.x, remote crypto endpt.: x.x.x.x
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0/0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

any idea?