Firewall – server 2008 firewall for file sharing (local subnet access only)

While it's possible to do what you're trying to do strictly with RRAS and the Windows Firewall, it's going to be a fairly complex configuration, and will not be secure if not properly configured. You may find that operating system patches impact the functionality, as well. I don't know that I'd be very trusting that this, once setup, would continue to work properly in the face of patches.

To my mind, you would spend a lot less time on this if you invested in a hardware firewall / VPN appliance to sit in front of the remote web server computer to terminate a VPN there. If you're able to do that, you'll end up with a solution that I would expect to be a lot more robust.

Local IP addresses are referring to IP addresses of adapters on the server itself. Let's say you have a multihomed server with 192.168.0.2 and 10.10.10.10. If you specify only 10.10.10.10, the firewall will not consider the rule as matching to the traffic if it hits 192.168.0.2 instead.

Remote IP addresses are the source IP address from which the traffic came from. If you put in 20.20.20.20, then the rule will only apply if the traffic came from that IP address.

In this example, if you wanted to block domain authentication traffic from the adapter with the public IP address, you would specify the public IP address(es) for the local IP, and all remote IP's for the rule set to deny this traffic.

To allow it for the local IP'ed adapter, you would make a rule that specifies the internal IP address for local, and then the range of IP addresses that would include your domain controllers as remote, with an allow rule.