I've seen this at times when the internal system needed to use IPsec and the udp/500 ports were already in use by the firewall interface that terminates the other IPsec tunnels. One solution is to use a static NAT for that client so that it has its own public IP. Another is to see if it can negotiate with the distant end using udp/4500 (NAT-Traversal).
This is what I thought initially, that the same port might be used.
I was thinking of assigning another public IP for the S2S tunnels or another IP for the public interface, whichever might be feasible on 1010 or easier. Your thoughts, if it is possible? As I cannot change the peer VPN GW,