If I understood you correctly I added 2 new NAT rules in order:
1. Our LAN (source 192..) to their LAN (dst. 172..) src-nat to our External IP;
2. Our LAN (source 192..) to their LAN (dst. 172..) masquerade;
One or the other will do - if you look at counters, only the first one counts, the other one never matches a packet. If the public IP is static, it is better to use src-nat, as masquerade has some side effects: it removes existing connections if the address to which they are masqueraded is lost for whatever reason. This is necessary for it to work properly where the public IP is assigned dynamically, but it brings unnecessary problems when the address is static.
Packets are going through.
What exactly does that mean, or, using other words, how do you know they do? The maximum you can see at your end is that if you start pinging something in their 172...., your router sends ESP packets to their public IP at the same intervals you use for the pings, and if you stop pinging, the ESP traffic stops as well (if it doesn't, something in your LAN is trying to connect there, which is still an indication that the src-nat rule and the IPsec policy work properly).
You should not need a filter rule if your firewall is based on the default one, but as you still haven't understood that to get a useful answer, you must provide a useful input (the complete export of the configuration, except sensitive info), it will take much longer than necessary to get to the solution. And I may lose my patience somewhere in that process.