L2TP/IPsec - Android to FVS336Gv3 - "the length of the isakmp header is too big"

Yes, it expects Mode Config. Basically, you can follow that guide, but select the "Edge Device" radio button under "XAuth Configuration", then add a user on the "Users" page of type "IPSEC VPN User". Be aware that this will break compatibiltiy with the Windows built-in VPN client, since it doesn't support XAuth. I have found limited success on Windows using the "Shrewsoft" free VPN client, but it has issues with DPD randomly failing, and also seems to be abandonded (last update in 2013). I have been looking into the "Green Bow" Windows VPN client recently, but haven't finished evaluating it. BTW, all of this madness is why many people are moving to OpenVPN, or historically have used proprietary VPN clients. For decades, built-in IPsec clients have ranged from passable to absolutely horrendous, in terms of compatibility and performance. OpenVPN seems to be the future here.

As far as encryption algorithms, my S7 didn't really seem to care, between 3DES-SHA1 or AES128/192/256-SHA1 on either IKE (phase 1).= or Mode Config (phase 2). I have always used DH group 5, but I imagine it will accept no DH group as well.