ISAKMP States in ASA:
MM_WAIT_MSG2: The initial DH public key has been sent to the responder; the initiator is awaiting the initial contact reply from the other side. If the tunnel is stuck here, it usually means the other end is not responding. This could be because there is no route to the far end, the far end does not have ISAKMP enabled on its outside interface, or the far end is down.
MM_WAIT_MSG3: Both peers have agreed on the ISAKMP policies and are awaiting the exchange of keying information. A hang here may be due to mismatched device vendors, a router or firewall in the path, or even an ASA version mismatch.
MM_WAIT_MSG4: In this step the pre-shared key hashes are exchanged. They are not compared or checked, only sent. If one side sends a key hash and does not receive one back, this is where the tunnel will fail. I have seen the tunnel fail at this step because the remote side had the wrong peer IP address. A hang here may also be due to mismatched device vendors, a router or firewall in the path, or even an ASA version mismatch.
MM_WAIT_MSG5: This step is where the devices exchange pre-shared keys. If the pre-shared keys do not match, the negotiation will stay at this message. I have also seen the tunnel stop here when NAT traversal was on when it needed to be turned off.
MM_WAIT_MSG6: This step is where the devices exchange pre-shared keys. If the pre-shared keys do not match, the negotiation will stay at this message. I have also seen the tunnel stop here when NAT traversal was on when it needed to be turned off. However, if the state reaches MSG6 and then the ISAKMP SA gets reset, that means phase 1 finished but phase 2 failed. Check that the IPsec settings match in phase 2 to get the tunnel to MM_ACTIVE.
MM_ACTIVE: The ISAKMP negotiation is complete. Phase 1 has successfully completed.
ISAKMP States in Routers:
Main Mode:
MM_NO_STATE: There is an ISAKMP SA, but none of the parameters have been negotiated yet.
MM_SA_SETUP: The devices have negotiated a set of parameters for the SA, but have not yet exchanged any key information.
MM_KEY_EXCH: The devices have used the DH algorithm to create a common key, but they have not yet authenticated the session.
MM_KEY_AUTH: The devices have authenticated the SA. They can now proceed to Quick Mode.
Aggressive Mode:
AG_NO_STATE: There is an ISAKMP SA, but none of the parameters have been negotiated yet.
AG_INIT_EXCH: The devices have initiated an Aggressive Mode exchange.
AG_AUTH: The devices have completed an Aggressive Mode exchange and authenticated the SA. They can now proceed to Quick Mode.
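The state lists above are what an operator reads out of "show crypto isakmp sa" on each platform. The following Python script is an added example (not part of the original post, and not Cisco tooling) that parses that command's output for both the ASA block layout and the router one-row-per-SA layout, then tags every SA with whether phase 1 is complete and which troubleshooting note from the text applies. The two sample outputs are constructed, with documentation IP addresses, and the column layouts are assumed to match what the platforms print; states the post does not describe (for example QM_IDLE on a router) are reported as unmapped rather than guessed at.

```python
import re
from dataclasses import dataclass
from typing import List

# Troubleshooting notes per ISAKMP (IKEv1) state, condensed from the text above.
# Keys are the state strings exactly as "show crypto isakmp sa" prints them.
STATE_NOTES = {
    # Cisco ASA main-mode states
    "MM_WAIT_MSG2": "no reply to MSG1: no route to peer, ISAKMP not enabled on peer outside, or peer down",
    "MM_WAIT_MSG3": "policies agreed, waiting for keying info: vendor mismatch, firewall in path, ASA version mismatch",
    "MM_WAIT_MSG4": "key hash sent, none received: wrong peer IP on remote side, vendor mismatch, firewall in path",
    "MM_WAIT_MSG5": "exchanging PSK: pre-shared key mismatch, or NAT traversal on when it should be off",
    "MM_WAIT_MSG6": "exchanging PSK: PSK mismatch or NAT-T; if SA resets after MSG6, phase 1 passed and phase 2 IPsec settings mismatch",
    "MM_ACTIVE": "phase 1 complete",
    # Cisco router main-mode states
    "MM_NO_STATE": "ISAKMP SA exists, no parameters negotiated yet",
    "MM_SA_SETUP": "parameters negotiated, no key information exchanged yet",
    "MM_KEY_EXCH": "DH common key created, session not yet authenticated",
    "MM_KEY_AUTH": "SA authenticated, can proceed to Quick Mode",
    # Cisco router aggressive-mode states
    "AG_NO_STATE": "ISAKMP SA exists, no parameters negotiated yet",
    "AG_INIT_EXCH": "Aggressive Mode exchange initiated",
    "AG_AUTH": "Aggressive Mode exchange complete and SA authenticated, can proceed to Quick Mode",
}

# States the text identifies as a finished phase 1; everything else is in progress or stuck.
PHASE1_DONE = {"MM_ACTIVE", "MM_KEY_AUTH", "AG_AUTH"}


@dataclass
class IsakmpSa:
    peer: str   # ASA: the "IKE Peer" address; router: the dst column of the row
    state: str

    @property
    def phase1_complete(self) -> bool:
        return self.state in PHASE1_DONE

    @property
    def note(self) -> str:
        return STATE_NOTES.get(self.state, "state not covered in the notes above")


# ASA layout (assumed): "IKE Peer: <ip>" on one line, "State   : <STATE>" a couple of lines later.
ASA_PEER_RE = re.compile(r"IKE Peer:\s*(\S+)")
ASA_STATE_RE = re.compile(r"State\s*:\s*([A-Z0-9_]+)")
# Router layout (assumed): one SA per row, "dst src state conn-id status"; the header row
# has a lowercase "state" column title, so requiring an MM_/AG_/QM_ prefix skips it.
ROUTER_ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+((?:MM|AG|QM)_[A-Z0-9_]+)\s+(\d+)\s+(\S+)")


def parse_asa(output: str) -> List[IsakmpSa]:
    """Pair each 'IKE Peer' line with the next 'State' line in ASA output."""
    sas, peer = [], None
    for line in output.splitlines():
        m = ASA_PEER_RE.search(line)
        if m:
            peer = m.group(1)
            continue
        m = ASA_STATE_RE.search(line)
        if m and peer is not None:
            sas.append(IsakmpSa(peer, m.group(1)))
            peer = None
    return sas


def parse_router(output: str) -> List[IsakmpSa]:
    """Extract dst address and state from each SA row of router output."""
    sas = []
    for line in output.splitlines():
        m = ROUTER_ROW_RE.match(line.strip())
        if m:
            sas.append(IsakmpSa(m.group(1), m.group(3)))
    return sas


def stuck(sas: List[IsakmpSa]) -> List[IsakmpSa]:
    """SAs that have not reached a phase-1-complete state, i.e. the ones worth looking at first."""
    return [s for s in sas if not s.phase1_complete]


# Constructed sample output in the assumed ASA layout: one stuck tunnel, one established.
SAMPLE_ASA = """\
   Active SA: 2
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2

1   IKE Peer: 203.0.113.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
2   IKE Peer: 198.51.100.7
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
"""

# Constructed sample output in the assumed router layout.
SAMPLE_ROUTER = """\
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
203.0.113.10    192.0.2.1       MM_KEY_AUTH    1001 ACTIVE
198.51.100.7    192.0.2.1       AG_INIT_EXCH   1002 ACTIVE
"""

if __name__ == "__main__":
    for label, sas in (("ASA", parse_asa(SAMPLE_ASA)), ("Router", parse_router(SAMPLE_ROUTER))):
        for sa in sas:
            flag = "ok   " if sa.phase1_complete else "STUCK"
            print(f"{label:6} {flag} {sa.peer:15} {sa.state:13} {sa.note}")
```

Run it as a script to see one triage line per SA; in practice, feed it the saved output of "show crypto isakmp sa" from the device instead of the constructed samples.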