We have an issue with RA users establishing VPN to GW and what I found in logs this:
Main Mode Failed to match proposal: Transform: AES-256, SHA1, Pre-shared secret, Group 2 (1024 bit); Reason: Wrong value for: Authentication Method
After some investigation, I found out that IPSEC VPN default certificate of the GW was expired.
Renew the certificate, installed policy and RA users were able to login again.
Just wanted to leave this info here, in case someone has the same issue.
There is no useful information in knowledge base about it.