Last time I saw a send error for phase 1, it was because local-address in the peer config was incorrectly set to the public address, which in fact wasn't local (the router was behind NAT). You say you do have NAT, but you don't set local-address for the peer. You may have a similar problem with the policy, but I guess it should not influence phase 1. But I'm not 100% sure, so try experimenting with that anyway.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.