Does your external NIC on the server have a public IP / connected straight to a router, or does it go into another router?
What is happening is (if your setup is as I expect above):
Client looks up IP and sees that it is outside of your local network
Client goes to its default gateway (your Windows 2008 Box) and says the IP.
Windows 2008 says not here, looks up the default gateway and forwards the request to your router.
Router says, that IP is mine, but then hangs and times out!
See if your router supports NAT Loop-back. Basically, NAT inside Windows 2008 is working, but the DNS IP is your public one and RRAS does not realise that it is its own IP, and is therefore doing its job and routing to its external network.
If you say the make/model of your router, I can help you further (if it supports it).
Another way that can get awkward is to install your own local DNS server on the Windows 2008 box and refer all clients to it (make it forward queries to your current DNS servers) and force in a zone for each of your domains that have your internal records.
... Or if you only have a handful of machines and the router does not support NAT Loop-back, and you understandably do not want to buy new hardware, insert your record into the machines' host file. This is a surprisingly efficient technique and providing you have admin access to shares, you can script this VERY easily by just placing it in a directory then doing:
copy hosts \\computer_name\c$\windows\system32\drivers\etc\hosts
And all done without a reboot!
Of course, the preference is just to enable NAT Loopback!
Anyway, hope I helped and this was the issue... Dreading your reply of "I only have a modem and the server is using an external IP in its config!!"
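An added example, not part of the original answer: a PowerShell sketch of the hosts-file approach that merges one record into each machine's existing file instead of overwriting it, and keeps a backup copy. The IP address, host name and computer names are constructed placeholders, and it assumes admin access to the c$ shares as the answer does.

```powershell
# Added example, not from the original answer. Names and addresses are constructed placeholders.
$InternalIp = '192.168.0.10'       # assumed internal address of the server
$HostName   = 'www.example.com'    # assumed public name that times out from inside
$Computers  = @('PC01', 'PC02')    # assumed client machine names

function Merge-HostsEntry {
    param([string[]]$Lines, [string]$Ip, [string]$Name)
    $kept = @()
    foreach ($line in $Lines) {
        # Ignore any trailing comment, then split into address + names.
        $active = ($line -split '#', 2)[0].Trim()
        $fields = @($active -split '\s+' | Where-Object { $_ })
        $names  = @()
        if ($fields.Count -gt 1) { $names = @($fields[1..($fields.Count - 1)]) }
        if ($names -contains $Name) {
            # Stale mapping for this name: keep any other names on the line, drop ours.
            $others = @($names | Where-Object { $_ -ne $Name })
            if ($others.Count -gt 0) { $kept += "$($fields[0])`t$($others -join ' ')" }
            continue
        }
        $kept += $line
    }
    $kept + "$Ip`t$Name"
}

# Dry run on a constructed sample; prints the merged file content.
$sample = @('127.0.0.1 localhost', '203.0.113.5 www.example.com mail.example.com # old')
Merge-HostsEntry -Lines $sample -Ip $InternalIp -Name $HostName

foreach ($computer in $Computers) {
    $path = '\\{0}\c$\windows\system32\drivers\etc\hosts' -f $computer
    if (-not (Test-Path $path)) { Write-Warning "$computer not reachable, skipped"; continue }
    Copy-Item $path "$path.bak" -Force     # rollback copy beside the original
    $merged = Merge-HostsEntry -Lines @(Get-Content $path) -Ip $InternalIp -Name $HostName
    Set-Content -Path $path -Value $merged -Encoding ASCII
}
```

Running it twice leaves a single entry for the name, since any earlier mapping is removed before the new line is appended.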
It sounds like you are looking for a proxy or gateway solution not necessarily a VPN.
If you want to enforce a policy using the 2003 server for Internet traffic you will need to either block all other hosts from the Internet by using your router's configuration tools or set up the 2003 server as a router and connect only it to the Internet. The first method is usually easier to implement but can cause some user confusion.
Depending on your needs you may want to also set up automatic proxy configuration.
I know this answer is somewhat general. I hope I covered it with enough information to get you pointed in the right direction.
Normally VPNs are used to connect hosts and networks privately across public networks. Proxies are used to enforce network policies on traffic crossing a network boundary. Gateways (routers) are used to actually pass traffic across boundaries.
Best Answer
You need to get your win2k box (3.) to do Network Address Translation with RRAS. It is possible, but painful.
I would personally either replace 3b with a DSL modem that will terminate & NAT the connection, or upgrade 3. to Windows Server 2003, which does allow NAT without so much pain.