Yeah, that's what I typically do IP MTU 1420 on the outside interface (which forces all VPN Tunnels to 1396) and then IP TCP MSS 1270.
Works for over 100 tunnels I have with other clients, but this client still sees some Group Policy issues.
We are looking at doing IP MTU right on the client Registry Keys and this seems to clear up ALL issues (With Routers set to NO IP MTU on Outside physical interface, IP MTU 1400 on Tunnels and TCP MSS 1270 on Inside interface)
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...