Working on a (first time) test install of campaign v7 on a Debian 8 server and after following the install instructions, I get the following when I try connecting the console program for initial configuration. "403 Forbidden: You don't have permission to access /nl/jsp/soaprouter.jsp"
Please may you check with your Adobe Campaign administrator the security zones section in the serverConf.xml file?
Your IP address (public or private) should be declared as a range in the LAN+VPN element. Usually it is done through an IP private addresses range in order to allow a company department (few people) to accede the AC with the Adobe Campaign client. And larger range for other accesses.
I had this same problem and checked the error log for apache (httpd.service) and found the same repeating error every time this message was thrown (in browser and in my client login)- in my instance the issue was apache permissions. The fix was creating a new <Directory /[dirname here]/> block that granted permissions to all users cascading down from the earliest relevant folder.
I can't say if this is the answer you're looking for but the symptoms seem the same down to the /r/test returning success but still getting the exact same 403's.
So it means there are not physical or Windows firewalls issue, nor network routing one, nor Apache or Tomcat misconfiguration.
It was quite obvious for Apache, seeing nothing in its log file (access.log).
Now, you should check again the serverConf.xml file to understand the issue.
But beforehand, please repeat the steps of installation checks. The soaprouter can't be acceded directly, except if you provide the credentials as post parameters (login or better token session). See API documentation for that.
So the easiest way to check is to use the Adobe Campaign client, or the web version of Adobe Client: