This is procedure TAC gave me 2 years ago when client had similar issue. I STRONGLY recommend you do all your backups before doing this, just to be on the safe side...but it did work.
Engineer never told us if this was from an official sk or internal, so I really cant tell you, sorry.
Procedure:
1. Open Guidbedit to network_objects -> Gateway_Object -> VPN -> isakmp.authmethods
- Change "signatures" to "pre-shared".
- Save and exit Guidbedit.
2. Open Guidbedit to network_objects -> Gateway_Object -> find certificates section
- Find defaultCert then right click and delete the cert, and save changes and close
3. Check to see if default cert is gone in SmartConsole - gateway object - IPsec VPN
- Create a new cert
- Install policy
4. Open Guidbedit to network_objects -> Gateway_Object -> VPN -> isakmp.authmethods
- Change "pre-shared" to "signatures"
- Save and exit Guidbedit.
- Install policy
5. Test VPN connection