Whoa! I think we're getting confused on the nomenclature here.
You said that you want to connect to a VPN server on the DMZ segment from an internal network client. Correct?
If that is the case, you do not need to configure the VPN server on the ISA Server. You just need to configure the ISA Server to allow PPTP passthrough. The actual VPN server configuration would need to be done on the DMZ host computer.
Your IP configuration looks good for the DMZ and the internal network. I was concerned that maybe the internal network and the DMZ were on the same network ID.
Interesting problem! The reason why it's interesting is that you want to make the ISA Server a VPN server that will allow you access to the DMZ network. The issue here is that if you VPN into the DMZ via the ISA/VPN server, the internal interface of the ISA/VPN server (the LAT network interface) is actually the EXTERNAL interface for the VPN! I don't know if that would work, as I haven't tested it, but it certainly has the potential for confusion.
As for accessing shares on the DMZ, bastion host computers should never have the Server service enabled *EVER*. Well, I shouldn't say that, because if you aren't concerned about them getting broken into, allowing shares on them is a great way to make new friends in the hacker community.