Question : Problem: SITE-TO-SITE VPN - One side RRAS, other to be determined!

Okay- HOPEFULL this topic area will work- seemed appropriate to me!

I would like to create a site-to-site VPN using any recommended appliance (doesn't matter) and Windows NT RRAS.  

Location (A) will have a small network that will use the appliance and an ADSL/PPOE/DYNAMIC based internet connection.

Location (B) has a static internet connection and a Windows NT Server / RRAS.

Rather than running the PPTP clients on each workstation, i would like to use an appliance with a built-in  
PPTP client in location (A) and have it project (A) network on to the (B) network.

Anyone ever done this?  With a Dynamic connection?   I am assuming that is going to be my #1 problem since
I am going to need to find a router/appliance that will mangage the PPOE connection to the internet while handling
the PPTP connection to the RRAS server.

Thank you.

Answer : Problem: SITE-TO-SITE VPN - One side RRAS, other to be determined!

I have exactly the same setup with proxy2 on nt4 and 2 nics.
It's easy to add the firewall without changing a lot.
Here's how to do it :
- add a netscreen or zyxel on the lan with a fixed lan ip address,
  the nic with external ip address on the nt server is disabled (adapter removed in network settings)
- the untrusted side of the netscreen gets the same ip address as the 2nd nic that was on the nt server, so incoming connections are ok. Static routes (VIP on netscreen) are added from the netscreen to the nt server.
- on the internal card on the nt server the gateway address is changed to the fixed ip of the netscreen. In this way outgoing connections are ok. The users keep their old gateway address and so are still routed and logged via the proxy.

1 small remark: a big advantage of a firewall with embedded antivirus is that virusses on incoming mail are already filtered before they reach the nt server.