A network engineer must establish an encrypted connection between an on-premises data center and a VPC. The engineer connects the VPC to a virtual private gateway and configures an AWS Site-to-Site VPN connection. The VPN tunnel is operational after setup. However, during the phase 2 rekey of the VPN negotiation, the customer gateway device receives parameters that differ from its configured supported parameters.

The engineer reviews the IPsec configuration of the VPN tunnel and observes that the customer gateway device is configured with the most secure encryption algorithms available in the AWS Site-to-Site VPN configuration file.

What steps should the network engineer take to troubleshoot and resolve this issue?