VPN

[Site1]

This problem has genuinely hurt my head, I'll try my best to describe the issue, any help would be massively welcomed!

Site1
Internet - > BT Modem (10.100.10.1) -> (Wan.10.100.10.2/24)M0n0wall(Lan.172.18.0.2/16) -> Local Network

Site2
Internet - > Draytek 2820 (10.90.19.1) -> (Wan.10.90.19.2/24)M0n0wall(Lan.172.17.0.2/16) -> Local Network

Site3
Internet - > Draytek 2800 (10.80.20.1) -> (Wan.10.80.20.2/24)M0n0wall(Lan.172.19.0.2/16) -> Local Network

There are a domain controller and an exchange server at each site.

Now, the interesting part. All 3 sites are connected via IPSEC connections. You can ping accross servers fine with replies. By UNC Site3 can access Site2 and Site1, also the reverse Site2 and Site1 can access Site3 BUT Site 2 and Site3 typically the busy sites cannot access UNC you simply get a network provider error or error 53 network path not found. I know it's not a software issue because it's happening on ALL 4 servers on Sites 1&2. I've also used nmap to diagnose open ports and only 2 or 3 are showing as open between the vpns on 1 & 2 whereas about 10-15 show as open on site3.

Is there something that might have blocked VPN Subnets from communicating in some way, this has been working for a long time fine!?

Any help appreciated.

Thanks