I am working on a similar problem: Phase 2 of an S2S tunnel is not coming up, and the debugs suggest an ACL mismatch. One end is a Cisco IOS FWL, the other end an MX8x. The remote MX (managed by a third party) has multiple MX and a couple of non-Meraki VPN peers working fine. This tunnel is a policy-based IPsec tunnel bound by an ACL; apparently there is a limitation at the head-end MX, which cannot assign a specific ACL to this IPsec tunnel. Also, a route-based VTI tunnel to the MX is not an option either, so we are stuck in this state of Phase 2 failing at the Cisco end. I am not an MX expert, but I am about to propose a similar solution to bypass this MX
...