said by meowBB:
The issue is resolved by changing the MSS and checked the 'Ignore "Don't Fragment" setting in IP header"' on the "VPN Connection" page.
I 'hate' you!
... you know how much time I spent debugging and sniffing the traffic and didn't catch this?!#!
The "Ignore "Don't Fragment" setting in packet header" did the trick! Didn't even have to tinker with MSS.
THANK YOU, SIR!!!
Now the question, is this FW 3.0 bug or not? It was working on 2.2 without this having checked. Or was 2.2 buggy?