I will try to describe this problem as simply as I can.
On our network we have several hardware VPN tunnels to customers using both Netgear and Cisco routers. These all work perfectly from our LAN.
We also have an SBS 2008 server that has routing and remote access enabled to enable employees to access our network from home. So this is the "noddy" VPN that Windows server allows without the complication of configuring hardware in the employee's home. When connected, the employees have full access to our LAN, the internet and also the aforementioned hardware VPN tunnels. Perfect!
We also have a Windows Server 2008 machine (R2) running. This also has routing and remote access enabled as a backup to the SBS 2008 RAS system. So this server uses a completely different gateway. It is just supposed to be an alternative route in. Remote clients (employees) can successfully connect to this server just as easily as they can connect to the SBS 2008 server - HOWEVER, once they are connected, they lose normal internet connectivity and they cannot access any of the hardware tunnels. They can, however, access the company LAN OK as far as I can see. They can ping the machines at the end of the hardware tunnels so the static routes on the gateway are OK, but that is as far as it goes. The lack of internet capability is equally baffling.
I cannot figure out what the differences are between the Windows 2008 RAS offering (that does not work as expected) and the SBS 2008 RAS offering (which does work as expected). It is as if there is something else I need to enable in Windows Server 2008 RAS but what?