I have had a problem where my TMG servers where having their L2TP ports switched back to the routing every time they rebooted or TMG settings where changed, turns out that it was a setting in the TMG server causing the problem. In the Remote Access Policy (VPN) section, there is "Verify VPN Properties" option, I clicked that and saw that L2TP was not checked. So I checked it, and poof, now they get set as RAS/Routing. But, that only fixed one of the 2 servers. The problem on the second server had to do with not enough DHCP address available in the pool. I reduced the number of available VPN connections and then the ports where marked as RAS/Routing.

So, quick summary, make sure the L2TP option is checked in the Verify VPN Properties, and make sure there are enough IP addresses available in the DHCP pool. (This would only apply if you are using DHCP to assign VPN client IP's)