SO we have turned off all of the firewalls and it still not working as expected.
However we did look at the TAP Adapter after we found that ipconfig was retuning a 169 ip address. Once we statically set teh ip address of the vpn then we were able to ping both directions. We could ping the GW both direction at all times.
Not sure the lost ip is because of the bypass secondary authentication however that was the only difference between the 2 profiles.
Even after setting it staticly on the device, once it disconnected and reconnected it would lose the ip at random.