When you install a tunnel you need to have the correct IP addresses, or the tunnel will not come up.
To obtain the correct address, especially useful when the tunnel is via a NAT connection, do the following:
1. Install the tunnel server on the "outside" of the DMZ.
2. Before you complete the client certificate
A. Go to the client server (HUB)
B. Launch a cmd window
C. Telnet to the tunnel server on port 48003.
D. Go to the tunnel server
a. Launch a cmd window
b. Do a net stat. Look for a connection on port 48003.\
c. The IP address on this port will be the access of the client as seen by the server.
3. Use this address as the client IP address on the server side client certificate.