VPN


Craig Lyon
Hi all

Just a quick question regarding setting up a VPN using Win 2k server (latest
SP)

We currently have 5 IP addresses assigned to us from our ISP. At the moment
we are using a NAT router which has one of the live IP addresses and then all
the machines are using the NAT box as the gateway. This works fine for all
traffic, SMTP etc. The NAT has limited functionality in that it has port
forwarding and port filtering etc.

My question is that I need to set up a VPN and I have a strong suspicion
that I can't sit the VPN server behind the firewall and use port forwarding
due to how NAT handles data packets. So what I was thinking of doing is
putting two network cards into the server, one connected to the internal
network and the other connected to the 'net and then using that as the VPN
server.

This sounds very unsecure but I'm wondering if it is just me being paranoid
;)

I would be grateful for other recommendations.

Cheers

Craig



ddesjardins
Your concerns are valid; this would be unsecure. If your
NAT can port forward, all you have to do is forward port
1723 (PPTP) to the internal server that is set up as the VPN
server. Then you give all the VPN clients the IP of your
router. This is much more secure since you will only have
to worry about attacks on port 1723 (PPTP). If you set up a
dual-NIC server, then you expose your server and internal
network and have to worry about all ports.

If you still need to dual-NIC the server, I suggest at
least putting a software firewall on that machine. Or, if
you have an extra PIII with a decent amount of memory in it
lying around, dual-NIC that machine, load a software
firewall, and make that a VPN server. If you ever have
any trouble you can always shut that machine down till you
get the problem fixed, and your whole network won't be
down.

>-----Original Message-----
>Hi all
>
>Just a quick question regarding setting up a VPN using Win 2k server (latest
>SP)
>
>We currently have 5 IP addresses assigned to us from our ISP. At the moment
>we are using a NAT router which has one of the live IP addresses and then all
>the machines are using the NAT box as the gateway. This works fine for all
>traffic, SMTP etc. The NAT has limited functionality in that it has port
>forwarding and port filtering etc.
>
>My question is that I need to set up a VPN and I have a strong suspicion
>that I can't sit the VPN server behind the firewall and use port forwarding
>due to how NAT handles data packets. So what I was thinking of doing is
>putting two network cards into the server, one connected to the internal
>network and the other connected to the 'net and then using that as the VPN
>server.
>
>This sounds very unsecure but I'm wondering if it is just me being paranoid
>;)
>
>I would be grateful for other recommendations.
>
>Cheers
>
>Craig
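
Added example, not part of either post: a PPTP session uses a TCP control connection on port 1723 plus GRE (IP protocol 47) packets for the tunnelled data, so this sketch parses constructed IPv4 packets and reports which ones a port-forward rule for 1723 can match. The addresses, the sample packets, the RULES table and the helper names are assumptions made for illustration.

```python
import socket
import struct

TCP, GRE = 6, 47            # IP protocol numbers
PPTP_CONTROL_PORT = 1723    # the port forwarded in the reply above

def ipv4(proto, src, dst, payload):
    """Minimal IPv4 packet, constructed sample (header checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def tcp_syn(sport, dport):
    """20-byte TCP header with only SYN set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

def pptp_gre(call_id):
    """Enhanced GRE header as PPTP uses it: K bit, version 1, protocol 0x880B."""
    return struct.pack("!HHHH", 0x2001, 0x880B, 0, call_id)

def classify(packet):
    """Return (ip_protocol, destination_port or None) for a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto == TCP:
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None      # GRE has no port field for a port-forward to match

def unmatched(packets, rules):
    """Labels of packets that no (protocol, port) forwarding rule matches."""
    return [label for label, pkt in packets if classify(pkt) not in rules]

# Constructed traffic from one client (documentation addresses) to the router.
CLIENT, ROUTER = "198.51.100.7", "203.0.113.10"
SAMPLE = [
    ("pptp-control", ipv4(TCP, CLIENT, ROUTER, tcp_syn(40000, PPTP_CONTROL_PORT))),
    ("pptp-data", ipv4(GRE, CLIENT, ROUTER, pptp_gre(1))),
]
RULES = {(TCP, PPTP_CONTROL_PORT)}      # hypothetical NAT port-forward table

if __name__ == "__main__":
    for label, pkt in SAMPLE:
        print(label, classify(pkt))
    print("not covered by the port forward:", unmatched(SAMPLE, RULES))
```

With only TCP 1723 forwarded, the GRE data packets depend on whatever PPTP pass-through support the NAT device itself provides.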