I really don't work with Windows 2000 VPN as it pretty much sucks. The original post on this thread talks about using Nortel and Lucent VPN gear, which works wonderfully. I still don't understand what ALISTER is trying to accomplish. I've had little or no trouble using Nortel VPN concentrators with software clients. Works like a champ.
Using Windows 2000 to terminate VPN tunnels can work as .dark described. Just configure your inbound static NAT and permit only the needed inbound/outbound ports and you're all set. I don't consider this to be a public 2000 server, as you have some kind of control with your firewall/NAT device and the rules on it. This scenario begs for some kind of DMZ zone. By definition a DMZ zone allows inbound connections from unknown hosts. DMZ hosts in turn have some ability to connect to internal hosts.