1) For anyone who cares to give this a try and has another firewall upstream of your Astaro, the applicable ports that need to be opened are IP Protocol 50 (ESP), UDP 500 (ISAKMP), and UDP 4500.
2) I've added the VPN Pool (Cisco) to NAT > Masq (as internal network), to the Packet Filter rules (allowing all), and to the allowed networks at DNS > Global (with my internal LAN DNS servers set as forwarders).
With the Astaro not providing either a DNS config to the client, this particular means of remote access is pretty much worthless, since clients can't resolve anything. Without resolution, the client can't find any LAN resources to access them. Currently, the only options are to train remote users to access LAN resources by IP address only or deploy custom HOSTS files to the remote systems, unless I've left some configuration item out that would make this work.