Hello,
What is the remote end site? Is it a PIX or an ASA or a router.
If it is a router, would it be possible to implement the command "crypto ipsec df-bit clear" on the global or interface level. See if that makes a difference.
From the client side, can you ping the server with an MTU of 1350.
command would be : ping ipaddress -l 1350
If you get a response, increase the setting by increments of 5. i.e 1355, 1360, etc...see where it fails. If you do not get a response at one point, go back to the previous MTU setting then increase it by increments of 1 or 2, see where it fails and get the MTU where it works.
Set it on the client and see if that makes a difference.
On the head end side, take a sniffer capture and see where it fails. Sniffers would help you out.
Hope this helps.
Cheers
Gilbert