However, when I modify the IKE v1 Phase 1 crypto policy in pfSense to match one of the policies offered by the macOS client (during the previous unsuccessful attempt), on the subsequent attempt, the macOS client is NOT offering that EXACT crypto policy that it offered on the previous unsuccessful attempt and that is now configured in pfSense for IKE v1 Phase 1. When I modify one of these settings, the set of crypto policies offered by the macOS client (and shown in the IPSec log of pfSense - see below) changes so that the EXACT policy that IKE v1 Phase 1 crypto policy that I configure in pfSense is missing from the set of the policies offered by the MacOS client. I've tried various settings for the Encryption Algorithm, Hash Algorithm, and DH Group in pfSense. It appears to me that the pfSense is offering the crypto policy that is EXACTLY the one not offered by the macOS client.
I can't get IKE v1 Phase 1 negotiated properly between macOS 10.11.6 client using the built in Cisco IPSec client and pfSense 2.3.2
