Our IPsec remote access is set to encrption 168-bit 3DES
If we want to allow a remote user to go out a tunnel to another site does the encryption for the Tunnel have to be 3DES as well?
Currently this tunnel is set to AES.
If I understand your question the answer is this:
The VPN client will connect to the ASA with whatever encryption method it chose.
If the VPN client then goes through a Site-to-Site tunnel to another location, it will then use the encryption method specified in the Site-to-Site tunnel.
This is because the parameters for the VPN client apply only when terminating the VPN on the ASA.
When the traffic from the client, goes through a different tunnel, the parameters for this tunnel applies.
Hope I am answering your question, otherwise please let me know.