(1) No, VPN can be initiated by either end. It depends on the configuration of the ISA and the firewall.
(2) There is no specific proposals which work best, the key is to make sure proposals on both ends match! Else VPN will not work.
In choosing proposals the key is what kind of encryption and hash algorithm you want to use which will also translate into the amount of overheads on the vpn and also how secure you want the traffic to be.
****pls click the button " Accept as Solution" if my post helped to solve your problem****