I did not put either of the firewall's external interfaces in the remote network configuration. I assume that is the correct approach?
What is interesting is that when I perform a trace route from within the North site to the internal interface of the South ISA firewall, I consistently get the first hop being the North ISA Firewall, followed by 8 timeouts, finally followed by a reply on the 10th try.
I'm assuming that it's finally replying on RST, and if that is the case, perhaps DNS is not working over IPSec due to it being such a small packet.
One thing I made sure of is that I am not filtering IP fragments, but who knows with IPSec, it could be 'doing its own thing'.
I'm going to try PPTP next and see if that helps. Unfortunately, I've been working from home (location of the 'North' ISA Server) and forgot to add rules in for remotely managing South (at work), so I'll try it out tomorrow evening and let you all know Wednesday at the latest.
Thanks for your help and interest, and wish me luck.