Oceanswave
Technical User
I am a customer service tech who has run across a rather odd problem (well, it's not a problem now... I will explain). I have an end user who is on DSL and using VPN to connect to the office. He can connect just fine and the performance on the internet is excellent, but when he goes outside to the intranet such as yahoo, msn, cnn... it doesn't matter what site he goes to, the performance is HORRIBLE (meaning... it takes 5-10 minutes just to load a page, which is ridiculous yet a bit puzzling for a non network person). I did a little research and discovered the MTU (Maximum Transmit Units), and this person had the MTU settings set to default (which from what I understand is 1500 on win2000). The reason that the MTU setting on our VPN users' client machines needs to be set lower than 1500 is due to the amount of extra bytes that we are adding to an ESP packet (by using MD5 and 3-DES encryption). Using this set of IPsec variables, we are adding between 52-56 bytes to the header.
Some web servers are set to not allow the establishment of a TCP session when receiving more than 1 initial packet. When you add the 52-56 bytes to the header, you have the possibility of attempting a connection with 2 packets. Some web servers do not care, and accept this and some will not.
I modified this person's MTU settings from the default to 576 and had him reboot, and the performance problem went away. I had him do a couple of tests for me by pinging various sites with the MTU setting at 576 and also at 1400, and the ping results were 60ms, which is good, and this was the same for both MTU settings.
Bottom line... my question is this: When the user had his MTU set to default (1500), why was his performance internally good, then bad when he went out into the internet?
It seems to me that decreasing the MTU should have made his performance WORSE instead of better.
Just trying to understand.
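The arithmetic behind the post, as an added example that is not part of the original thread: it takes the 52-56 bytes of ESP overhead the poster cites (worst case 56, assumed to be per packet in tunnel mode) and shows how a full-size segment from a 1500-byte MTU host spills into a second packet on a 1500-byte path, while 576 and 1400 do not. The MSS clamp value it computes is the usual alternative to lowering the whole interface MTU; the 1500-byte path MTU and the header sizes are assumptions.

```python
# Added example (not from the post): why an MTU of 1500 behind an IPsec/ESP
# tunnel produces two packets per full-size segment, and what MSS avoids it.

IP_HDR = 20    # IPv4 header without options
TCP_HDR = 20   # TCP header without options
# Worst-case per-packet ESP overhead the post cites for 3DES + MD5.
ESP_OVERHEAD = 56


def mss_for_mtu(mtu: int) -> int:
    """Default TCP MSS a host derives from its interface MTU."""
    return mtu - IP_HDR - TCP_HDR


def encapsulated_size(payload: int) -> int:
    """Bytes on the wire once a full TCP segment is wrapped in ESP."""
    return payload + TCP_HDR + IP_HDR + ESP_OVERHEAD


def fragments_needed(mtu: int, path_mtu: int = 1500) -> int:
    """How many IP packets one full-size segment becomes on the path.

    Anything above 1 means the tunnel must fragment the outer packet, or,
    if the Don't Fragment bit is set and ICMP 'fragmentation needed' is
    filtered somewhere, the packet is silently dropped and TCP stalls on
    retransmission timeouts (a path-MTU-discovery black hole).
    """
    size = encapsulated_size(mss_for_mtu(mtu))
    return -(-size // path_mtu)  # ceiling division


def largest_safe_mss(path_mtu: int = 1500) -> int:
    """Largest MSS whose encapsulated segment still fits in one packet.

    Clamping MSS on the VPN gateway or client to this value keeps the host
    MTU at 1500 for everything else while avoiding fragmentation through
    the tunnel.
    """
    return path_mtu - ESP_OVERHEAD - IP_HDR - TCP_HDR


if __name__ == "__main__":
    for mtu in (1500, 1400, 576):
        print(f"MTU {mtu}: MSS {mss_for_mtu(mtu)}, "
              f"{fragments_needed(mtu)} packet(s) per full segment")
    print(f"MSS clamp for a 1500-byte path: {largest_safe_mss()}")
```

With these assumptions the 1500 setting yields two packets per full segment, exactly the case the poster says some web servers reject, and both 1400 and 576 stay at one.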