I agree with Barry. There's something broken in the certificate trust chain. Maybe you changed the hostname of the ASG after you installed it initially. Is the VPNId of the certificate selected at the top of the 'Advanced' tab thae same as the current hostname of the ASG? When you tried with the PSK, did you 'Enable probing of pre-shared keys' on the 'Advanced' tab?
Cheers - Bob