Windows 2000 Server offers a functional VPN solution. Gone are Windows NT 4.0's Point-to-Point Protocol (PPP) connections and unsecured RAS clients. In Win2K, Microsoft has completely upgraded its VPN functionality to incorporate modern security features, such as IP Security (IPSec) encapsulation and Internet Key Exchange (IKE). Win2K's VPN architecture can rely on the IPSec standard in much the same way as the majority of the products that I review here.
Win2K's VPN solution requires that a VPN server must be a Win2K Server machine in a Win2K domain environment. The VPN client can be a Win2K, NT 4.0, or Windows 9x machine. Win2K servers and NT 4.0 servers running RRAS can create router-to-router VPN connections with a Win2K VPN server. In addition, non-Microsoft PPTP clients or Layer 2 Tunneling Protocol (L2TP) clients can connect to the Win2K VPN server.
If you already have your Win2K domain structure built and working properly and you need a cheap VPN solution, I recommend looking at Win2K's VPN architecture. However, you—like most of the NT world—might still have some NT 4.0 servers lurking in your environment. Or perhaps you haven't yet converted your domain to an Active Directory (AD) structure. Or maybe you simply need stronger third-party authentication mechanisms. If any of those scenarios describe your environment, I recommend looking at one of the products in this comparative review. Each solution supports NT 4.0 and offers many robust authentication routines.