Hi,
I'm posting this in the hope that someone will be able to assist me with a
little challenge that I am currently experiencing with a Windows Server 2003
VPN (PPTP) and a WatchGuard X1000 firewall
(http://www.watchguard.com/products/x1000.asp). So far, I have the
following configuration on the VPN server:
Internal NIC
  IP Address: 10.1.0.5
  Subnet Mask: 255.255.255.0
  Default Gateway: n/a
  DNS Servers: 10.1.0.1, 10.1.0.2 (Domain Controllers running the DNS Service)
  WINS Servers: 10.1.0.1, 10.1.0.4
Internet NIC
  IP Address: 192.168.0.1
  Subnet Mask: 255.255.255.0
  IP Address: 192.168.0.254
  DNS Servers: Our ISP's DNS servers
  WINS Servers: n/a
We are connected to a 2MB leased line provided by our ISP using a Cisco 1700
router with the IP address (not the real one of course, for the purposes of
security) - 125.67.6.1. The WatchGuard has the IP address - 125.67.6.2.
The internal network has been assigned the IP range 10.1.0.0/24 which has
been setup as a 'Secondary Interface' on the WatchGuard and the ISP have set
up various NATs on the WatchGuard for the Exchange server (to facilitate
mail delivery), etc.
In order to support the Windows VPN server, I asked the ISP to create an
additional secondary interface on the WatchGuard of 192.168.0.0/24, with a
default gateway of 192.168.0.254. As you can see from above, I have placed
the Internet NIC on this subnet. Then the ISP have opened TCP port 1723 for
PPTP traffic and IP protocol ID of 47 for GRE traffic. I have successfully
tested that a Windows XP client can connect to the Windows VPN server, but
the VPN client (when connected to the VPN) and the VPN server are unable to
browse the Internet. If I reconfigure the VPN object on the client, so it
doesn't use the default gateway on the remote network, the client can browse
the Internet - but I have no success at all on the VPN server.
I have seen that the VPN server and the VPN client (when connected) have no
issues resolving Internet-based domain names, as these are resolved through
a DNS Forwarder which I have configured on the 10.1.0.0/24 network as
NSLOOKUP and Internet Explorer are both successful in the name resolution,
but IE just displays 'Page Not Found'. I have seen that all name resolution
traffic takes place on the internal network, which is to be expected. I
need some way to allow the VPN server and VPN clients to pass Internet-bound
traffic out on the Internet NIC on the 192.168.0.0/24 network.
I have been talking with the ISP and they are struggling to assist; they have
said that they don't really understand what is happening. We have a
managed firewall package, which I can't get out of for at least a couple of
months. I have done this before using ISA Server 2000 and it was fairly
simple.
Can I ask anyone to check the TCP/IP configuration of the VPN server as
indicated above and let me know if I have made a major mistake? I'm of the
frame of mind that the issue resides in the WatchGuard or in the TCP/IP
bindings on the server itself, or that I need to add a route to the VPN server to pass
Internet-bound traffic out on the 192.168.0.0/24 network, but I'm not sure.
If anybody is able to assist me with this, I would be very appreciative.
I'm pulling my hair out and I don't have much to pull out, as I shave my
head once a week.

If you are able to assist I would be really appreciative.
Many thanks in advance...
Neil