The fact that you can browse the subnet once you are VPN’d in makes this an harder to pin down. Usually these issues are relating to name resolution and browsing. I assume you are pushing WINS across the VPN, so that clients can browse. Perhaps also you are pushing AD, and the VPN clients are pulling the address of the AD DNS server.
I would ask you to confirm from a VPN client that they can resolve the Exchange server, but from your email it looks like the VPN clients are in fact connecting to the Exchange server. If I am reading you correctly the timeouts occur when they are downloading email.
Also judging by your message I probably don’t have to tell you that large mailstores will take a long time to download through a VPN tunnel so I am guessing that is not the issue either.
Without seeing a packet capture in front of the Exchange server to show me what communications are transpiring when the session is dropped I can only make guesses, but I would start with a sniffer in front of the Exchange Server.
I would look for resets or TCP repeated connection attempts. These may indicate a protocol issue with some protocol being used that is not permitted through a hop, (I would look at UDP here). Also you can look for TCP Zero Windows that could indicate a buffer filling up on the server.
Another thing you could try is ensuring there is no timeout or bandwidth limits set on the IPSEC clients or Tunnel config.
One other thing to try would be switching between cached and non cached mode in Outlook and see if that impacts the timeouts. Sometimes this can have an impact.
This isn’t much but I hope it helps.