remote log (probably cisco) shows "wrong key lenght", local pfsense log show phase1 established

nuclearstrength

we are setting up an IPSec with a remote, not under our control, firewall, probably a cisco (big company).
on our side the logs show this, the status says phase1 is connected but no children are being connected.

14[IKE] <con1000|1> received NO_PROPOSAL_CHOSEN error notify
14[ENC] <con1000|1> parsed INFORMATIONAL_V1 request 68024464 [ HASH N(NO_PROP) ]
14[NET] <con1000|1> received packet: from REDACTED[500] to REDACTED[500] (92 bytes)
14[NET] <con1000|1> sending packet: from REDACTED[500] to REDACTED[500] (188 bytes)
14[ENC] <con1000|1> generating QUICK_MODE request 3188860941 [ HASH SA No ID ID ]
14[CFG] <con1000|1> REDACTED|/0
14[CFG] <con1000|1> proposing traffic selectors for other:
14[CFG] <con1000|1> REDACTED/32|10.1.0.2/32
14[CFG] <con1000|1> proposing traffic selectors for us:
14[CFG] <con1000|1> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
14[CFG] <con1000|1> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
14[IKE] <con1000|1> received NO_PROPOSAL_CHOSEN error notify
14[ENC] <con1000|1> parsed INFORMATIONAL_V1 request 1260953192 [ HASH N(NO_PROP) ]
14[NET] <con1000|1> received packet: from REDACTED[500] to REDACTED[500] (92 bytes)
14[NET] <con1000|1> sending packet: from REDACTED[500] to REDACTED[500] (188 bytes)
14[ENC] <con1000|1> generating QUICK_MODE request 3985519151 [ HASH SA No ID ID ]
14[CFG] <con1000|1> REDACTED|/0
14[CFG] <con1000|1> proposing traffic selectors for other:
14[CFG] <con1000|1> REDACTED/32|10.1.0.2/32
14[CFG] <con1000|1> proposing traffic selectors for us:
14[CFG] <con1000|1> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
14[CFG] <con1000|1> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
14[IKE] <con1000|1> maximum IKE_SA lifetime 86098s
14[IKE] <con1000|1> scheduling reauthentication in 85558s
14[IKE] <con1000|1> IKE_SA con1000[1] established between REDACTED[ipsec.delphis.it]...REDACTED[REDACTED]
14[ENC] <con1000|1> parsed ID_PROT response 0 [ ID HASH ]
14[NET] <con1000|1> received packet: from REDACTED[500] to REDACTED[500] (92 bytes)
14[NET] <con1000|1> sending packet: from REDACTED[500] to REDACTED[500] (124 bytes)
14[ENC] <con1000|1> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
14[ENC] <con1000|1> parsed ID_PROT response 0 [ KE No ]
14[NET] <con1000|1> received packet: from REDACTED[500] to REDACTED[500] (184 bytes)
14[NET] <con1000|1> sending packet: from REDACTED[500] to REDACTED[500] (196 bytes)
14[ENC] <con1000|1> generating ID_PROT request 0 [ KE No ]
14[CFG] <con1000|1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
14[CFG] <con1000|1> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
14[CFG] <con1000|1> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
14[CFG] <con1000|1> proposal matches
14[CFG] <con1000|1> selecting proposal:
14[IKE] <con1000|1> received FRAGMENTATION vendor ID
14[ENC] <con1000|1> parsed ID_PROT response 0 [ SA V ]
14[NET] <con1000|1> received packet: from REDACTED[500] to REDACTED[500] (108 bytes)
16[CFG] received stroke: initiate 'con1001'

===

on the remote side the log message that was shared with us says:

"IKE: Quick Mode Failed to match proposal: Transform: AES-128, SHA256, Tunnel Reason: Wrong value for: Key Lenght"

===
the configuration is supposed to use AES-256, SHA256, and it has been setup like this on our side, even the logs show that and on our side the logs show the crypto proposal has been accepted, which doesn't really make sense considering on their side the logs seem to be different and point to an issue in phase1 while we get an error in phase2 (NO_PROPOSAL_CHOSEN I think applies to phase2).
we are also doing NAT/BINAT from a local LAN address to a public IP address, this needs to be because of limitations on the remote end, but as far as I can tell the issue here seems to be at phase1 with crypto according to their logs and mismatch of phase2 mappings according to our logs, which is very weird on it's own to me, why do their logs show we are proposing AES-128 when we setup AES-256 and our logs show those matching?