We are having a similar problem with IPSEC VPN. We can resolve the name fine with a ping, but some clients will not connect to Exchange. Even if we place entries in the host file, it will not work....Although we can ping our Exchange server!
The onbe thing I notice too is that the DNS of the local machine connection will kill it sometimes. For example, if you are using Comcast DNS, the query will always resolve thus no causing the machine to use the DNS servers assigned by IPSEC DHCP. The reason it always performs a successful lookup is because Comcast (and other ISP' s) will redirect you to a generic web page even if you type something in the browser like: www.54ghedksgeiksaslfchs.com. No matter what you try to resolve, if the Comcast DNS server does NOT have an answer, it will redirect you to that generic splash page..... However, this seems to mainly be a problem when querying Exchange.... Surely others have this problem?????
dt