Couple of things to look at…
Are there any logs on the Linux system indicating what, if anything, the firewall is dropping?
If that doesn’t offer anything, then I’d use a sniffer (Ethereal is the right price) to see what the differences are between inside and outside traffic.
You might also see if there’s a configuration option for IPSec over UDP/TCP to see if that makes a difference.
Also see if there are any “keep-alives”, or if something may not be getting correctly translated by the Linux firewall.