I have an update on this. it seems that my remote subnet entry was /16, while the actual remote subnet was /22…
the debugging on the cisco was way more helpful in determining the problem at the end of the day. for those in a similar situation you will need to run the following on a PIX/ASA to see what you need.
debug crypto isakmp
THEN. i got a ping ready on pfsene, to ping the inside address of the remote endpoint (after creating firewall rules) and did the following
terminal monitor
-execute ping on pfsense now.
-after you see the Group = xxxx entry in the logs and think you have what you need
terminal no monitor
this will keep it from scrolling off your buffer until you can figure our what it going on.