Does your external NIC on the server have a public ip / connected straight to a router or does it go in to another router?
What is happening is (if your setup is as I expect above)-
Client looks up IP and sees that it is outside of your local network
Client goes to its default gateway (your Windows 2008 Box) and says the ip.
Windows 2008 says not here, looks up the default gateway and forwards the request to your router.
Router says, that IP is mine, but then hangs and times out!
See if your router supports NAT Loop-back. Basically, NAT inside Windows 2008 is working, but the DNS IP is your public one and RRAS does not realise that it is it's own IP, and therefore doing its job and routing to its external network.
If you say the make/model of your router, I can help you further (if it supports it)
Another way that can get awkward is to install your own local DNS server on the Windows 2008 box and refer all clients to it (make it forward queries to your current DNS servers) and force in a zone for each of your domains that have your internal records.
... Or if you only have a handful of machines and the router does not support NAT Loop-back, and you understandably do not want to buy new hardware, insert your record in to the machines' host file. This is a surprisingly efficent technique and providing you have admin access to shares, you can script this VERY easily by just placing it in a directory then doing
copy hosts \\\computer_name\c$\windows\system32\drivers\etc\hosts
And all done without a reboot!
Of course, the prefrence is just to enable NAT Loopback!
Anyway, hope I helped and this was the issue... Dreading your reply of "I only have a modem and the server is using a external ip in it's config!!"
Best Answer
I eventually found a solution to my problem. I hadn't realised it but RRAS has a built in firewall, which is not exactly brilliant. You would have thought that they would have dropped this for integration with the built in windows firewall - but no.
It has a sort of mini-firewall which requires you not only add an outbound rule for, say, http access but also an inbound rule for the responses to the outbound connections.
My error above was that I had only opened outbound http but hadn't included the second rule to permit responses. Seems a bit stupid to need to explicitly include this rule.
In any case, the various problems I had with this box are now solved.
Thanks
Ian