Assuming you are using ESP encapsulation, static NAT should work. PAT will have problems and AH encapsulation will not work. You will also need to open up an inbound ESP conduit and probably IKE (UDP 500) on the firewall.
I don't think TTL is an issue since tunnelled packets are encapsulated with new ip headers. I'm not sure if I understand everything but to use HSRP across a tunnel (assuming GRE), the HSRP virtual address would have to be configured on the tunnel it...