I have a problem with a Nortel VPN client that cannot authenticate to Windows/Kerberos servers, however it can access other resources within the network which do not require (Kerberos) authentication. The problem seems to relate directly to a particular router model (so far) - Belkin N1 MIMO. We have contacted Belkin, who have suggested a firmware upgrade (to 3.01.06) - this was applied but did not rectify the issue; we have since downgraded to 3.01.04 as the 06 version was pre-release. The ISP has been contacted, but the fault happens on different ISP connections. All tests have been performed via a wired connection; however, the same problem does apply when using the wireless adapter.
From Users Home network - Belkin N1 MIMO (model number: F5D8631-4) / ISP1
User can login to VPN
User CAN get to Internet via company proxy
User CAN get to Internal web applications after entering username password
User CAN NOT get to Outlook, and Network Shares
From separate test ADSL Internet connection - Netcomm ADSL 2 Router / ISP2
User can login to VPN
Everything normal
Connected Belkin router to test ADSL connection / ISP - Bigpond.com
User can login to VPN
User CAN get to Internet via company proxy
User CAN get to Internal web applications after entering username password
User CAN NOT get to Outlook, and Network Shares
I have tracked the issue to some event log entries on the client computer attached as follows:
Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40961
Description: The Security System could not establish a secured connection with the server exchangeMDB/xyz.corp.com. No authentication protocol was available.
Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960
Description: The Security System detected an attempted downgrade attack for server exchangeMDB/xyz.corp.com. The failure code from authentication protocol Kerberos was ''There are currently no logon servers available to service the logon request.
(0xc000005e)''.
In my troubleshooting I have encountered mention of KB885887, which is a Kerberos hotfix (http://support.microsoft.com/kb/885887/en-us), and a registry key (http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1) forcing Kerberos to use TCP rather than UDP - to avoid UDP fragmentation issues. I have tried both options and this HAS NOT improved the situation either. I have tried lowering the MTU values (1300 seemed to be a sweet spot), but this has not proved to be an adequate fix, just delaying the fault/issue for a while.
I have also tried the following on the Belkin router:
disable Firewall
placed host as DMZ host on Router
disabled UPnP
Wireshark captures directly before and after a Lock/Unlock of the workstation appear to show a failure in the Kerberos authentication process when the VPN is connected through this router; however, the VPN tunnel is seemingly OK.
The simple answer would be to throw out the router and use a compatible one, but since this is a common and popular router brand it is feasible that there will be more issues of this type - it would be nice to have a solution if and when that happens.
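To make the three checks the post above describes repeatable on the affected client (is Kerberos still allowed to fall back to UDP, is TCP/88 to a KDC reachable through the tunnel, and what DF-bit payload size survives the path), here is an added diagnostic script; it is not from the original poster or from Nortel/Belkin. It assumes the "force Kerberos over TCP" registry value referred to above is MaxPacketSize under Lsa\Kerberos\Parameters (1 = always use TCP), that $Kdc is a placeholder to be replaced with one of the domain's logon servers, and that the client has Windows PowerShell 2.0 or later.

```powershell
# Added diagnostic, not part of the original post. Assumptions:
#  - the registry value that forces Kerberos onto TCP is MaxPacketSize
#    under Lsa\Kerberos\Parameters (1 = always use TCP/88);
#  - $Kdc is a placeholder for one of the domain's logon servers;
#  - Windows PowerShell 2.0+ (Get-EventLog, Get-ItemProperty available).
$Kdc = 'dc1.xyz.corp.com'   # placeholder, substitute a real DC name

# 1. Is Kerberos still allowed to use UDP? Large UDP replies fragment inside the tunnel.
$kerbKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$mps = (Get-ItemProperty -Path $kerbKey -ErrorAction SilentlyContinue).MaxPacketSize
if ($null -eq $mps) { "MaxPacketSize unset: Kerberos tries UDP first (default)" }
elseif ($mps -eq 1) { "MaxPacketSize=1: Kerberos forced onto TCP/88" }
else                { "MaxPacketSize=$mps: UDP used for messages up to $mps bytes" }

# 2. Can the client open TCP/88 to a KDC through the VPN at all?
function Test-KdcTcp {
    param([string]$Server, [int]$Port = 88)
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($Server, $Port); return $client.Connected }
    catch   { return $false }
    finally { $client.Close() }
}
"TCP/88 to ${Kdc}: " + $(if (Test-KdcTcp $Kdc) { 'open' } else { 'blocked or unreachable' })

# 3. Largest ICMP payload that crosses the tunnel with DF set.
#    1272 corresponds to the 1300-byte MTU the post settled on (1300 - 20 IP - 8 ICMP).
foreach ($payload in 1472, 1372, 1272) {
    $out = ping.exe -n 1 -f -l $payload $Kdc
    $state = 'no reply'
    if ($out -match 'TTL=')                   { $state = 'ok' }
    if ($out -match 'needs to be fragmented') { $state = 'FRAGMENTS' }
    "DF ping, $payload-byte payload: $state"
}

# 4. Pull the SPNEGO failures quoted above (event IDs 40960/40961) from the System log.
Get-EventLog -LogName System -Source 'LSASRV','LsaSrv' -After (Get-Date).AddDays(-1) -ErrorAction SilentlyContinue |
    Where-Object { 40960, 40961 -contains $_.EventID } |
    Select-Object TimeGenerated, EventID, @{Name='Detail'; Expression={ ($_.Message -split "`r?`n")[0] }} |
    Format-Table -AutoSize
```

Run it once on the working Netcomm path and once behind the Belkin; a MaxPacketSize of 1 combined with an open TCP/88 but a failing 1372-byte DF ping points at the tunnel path MTU rather than at Kerberos itself.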