Can you try to log on the vshield manager, find the edge gateway backing the routed network, and enable debug logging?
Then you can go through the log at the time of the connection and identify the error message. I had to go through the same process when troubleshooting an issue with IPsec NAT traversal.
