I had a customer who has a SBS 2003 SP1 Server with ISA 2004 who uses a VPN off their client machines to a site that they submit claims too using the ATT Global Dialer. Well I got the sheet from them on Ports and IP’s that needed to be allowed to do there certain parts and got them all added but the workstations still would not connect. They keep getting error 223 VPN port in use. I finally tracked it down to on the SBS Server I had to go to the registry and add Port 4500 to HKey_Local_Machine\system\CurrentControlSet\Service\Tcpip\Parameters in the Reserved Ports and I had to add 4500-4500 and then I could allow a VPN to initiate from the inside out. It seems to be the problem that a certain Windows Update allowed something else to take over this port. Once I defined this as reserved then the Clients was good. When I get the exact article I will post that info also.
Til later just Roger