Hi, I'm currently working to solve this issue:
after configuring RRAS with VPN + NAT options, my main server (single public NIC) becomes unreachable, so I need to access it via external KVM switch connection provided by my ISP.
This Issue seems related to the NATting of the VPN clients.
I've temporarily SOLVED this issue setting the "IP Security (IKE)" and "IP Security NAT Traversal (IKE)" as unflagged,
in the Port And Services Tab of the RRAS NAT properties.
That way, all VPN clients can traverse the VPN tunnel, with no autentication problems, and the Server stays online and pingable.
Still searching for an explanation of the problem, and guessing about my solution's related security problems.
Sorry for poor English...
Cheers
Flavio