Multicast over VPNs is achievable, but requires facilities which are not available in many VPN products. There are a number of ways of approaching multicast in VPNs - a good introduction from Cisco is http://www.cisco.com/en/US/tech/tk828/technologies_white_paper09186a00800a3db6.shtml - and there are various VPN products available that implement the "draft-rosen-vpn-mcast" specification.  A site-to-site VPN which uses techniques like this would typically not use NAT and should be able to participate in GhostCast-type traffic at VPN speeds.

NAT, however, is an intrinsically more difficult thing; fundamentally, broadcast and multicast traffic require that all the receiving client software is bound to the exact same TCP or UDP source port number as seen from the sender - the network ports used by various pieces of the Ghost Solution Suite system is documented in http://service1.symantec.com/support/on-technology.nsf/docid/2002101612025325 - and thus certain ports must be excluded from NAT rewriting in order for this to work. This is something we don't explicitly support - there's a considerable variation in what different NAT products do, and how they can be configured. If you are using a kind of VPN that uses NAT, it will be unlikely to support the "draft-rosen-vpn-mcast" specification or be able to support other techniques for participating in multicast routing, so the best that is likely to be achievable reliably is unicast support.