Because of the dynamic IP allocation from the ISP (either on the office side or home side), what would be the best VPN solution for them? IPsec requires static endpoints, which I obviously cannot guarantee will be there. Is PPTP (Point-to-Point Tunneling Protocol) a valid solution? If so, how can I set it up for access to the single PC, yet still allow internal PCs at the SOHO access to the Internet as well as the application server?
I've struggled with this myself. You're right that IPsec isn't the right solution, and Microsoft isn't recommending PPTP for anything anymore. My answer to the problem has been Remote Desktop. Remote Desktop gives the remote computer access to the XP Pro system's desktop, and it can work with dynamic DNS and across a DSL connection.
Of course, that doesn't solve the problem of a dynamic IP address. You'll need to know the IP address of the server to connect to it. The most reliable way to handle this is to use a DNS address and configure dynamic DNS. Many organizations can sell you a .com, .net or .org domain name. For a complete listing of these organizations, visit InterNIC's Web site.
Many companies offer dynamic DNS (DDNS) management service for a small fee, and many others provide the service free of charge. Many of these providers offer software that runs on your server to notify them of IP address changes. To find such a service, visit Dynamic DNS's Web site or this Web site. You can also try searching for "Dynamic DNS Management."
At your server's firewall, you'll need to forward TCP port 3389 to the server to allow Remote Desktop through.
A good article on how to configure Remote Desktop is Using Remote Desktop: Set up your computer for Remote Desktop.
This was first published in February 2003.
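To check the setup described in the answer (a dynamic DNS name plus TCP port 3389 forwarded to the server), the following added example, which is not part of the original column, tells a stale DNS record apart from a closed port forward. The hostname and address are placeholders, and passing in the office's current public IP is an assumption of the example.

```python
import socket

RDP_PORT = 3389  # TCP port the answer says to forward to the server


def resolve_ipv4(hostname):
    """Return the sorted IPv4 addresses the name resolves to right now."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def port_answers(address, port=RDP_PORT, timeout=3.0):
    """True if a TCP connection to address:port completes within the timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(hostname, current_public_ip, port=RDP_PORT, timeout=3.0):
    """Classify the state of the DDNS name and the port forward.

    current_public_ip is the address the ISP has assigned to the office
    right now (for example, read from the router's status page). Passing
    it in is an assumption of this example, since how to obtain it varies.
    """
    addresses = resolve_ipv4(hostname)
    if not addresses:
        return "no-dns-record"
    if current_public_ip not in addresses:
        # The update client has not yet reported the new address.
        return "stale-dns-record"
    if not port_answers(current_public_ip, port, timeout):
        # The firewall rule is missing, or the server is not listening.
        return "port-forward-closed"
    return "ok"


if __name__ == "__main__":
    # Placeholder name and documentation-range address, not real values.
    print(diagnose("office.example.net", "203.0.113.10"))
```

Run it from outside the office network, since many routers do not forward connections that originate on the LAN side back to their own public address.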