On your Connection Server do you have "Use Blast Secure Gateway ..." ticked?
I know you said all ports are open on the firewall from the outside to the Security Server, but check the external firewall logs just to be sure.
If it's still not working, use Wireshark or similar on the client machine and Security Server to verify where it is being blocked.
Mark