Terminal Server as Internet Gateway

Microsoft Windows server 2003 enterprise
October 4, 2009 at 14:15:53
Specs: Microsoft Windows XP Professional, 2.802 GHz / 3007 MB
If I make a dedicated box into a terminal server with 2 NICs (this is a member server from the DC), is it possible for me to use Routing and Remote Access to share the internet connection, port forward my web server and other servers as well as set up VPN?

Do you guys recommend this setup? I had a Linksys WRT300N and Routing and Remote Access VPN has always been a problem with it. The only thing I liked about the router is that there is no split horizon, I can access the port forwards internally as well.

October 5, 2009 at 05:59:00
What you're trying to do sounds like more work than you should need to do.

How about the following:

- Leave internet access for internal clients flowing through the router.
- Put web servers in the DMZ on the router.
- Set up a member server within your domain that is running RRAS and use it for VPN connectivity. You would likely need to put this in the DMZ as well or else you would have to set up a port forward which is, again, more work.

This seems to me to not only make more sense, but it's less work for you to set up and to maintain and/or troubleshoot.

Always, always, always apply the KISS principle (keep it simple) to anything you do within a network or domain so as to make upkeep, changes, additions, and troubleshooting as easy as possible. Don't forget to document.

October 5, 2009 at 11:00:12
My router had issues with VPN, even with DMZ, that is why I prefer connecting the internet directly to a member server, i.e. terminal server.

I thought DMZ can only go through one machine at a time. Am I mistaken?

October 5, 2009 at 13:12:01
If there's something wrong with your SOHO router, replace it.

A router that's capable of DMZ and VPN would be more likely what you need. At least, this would eliminate the need for a VPN server if your router is capable of establishing one.

"I thought DMZ can only go through one machine at a time. Am I mistaken?"

I'm not sure what you mean by "only go through one machine at a time". What do you mean by "go through"?

I suspect you don't fully understand what a DMZ is and what it does. May I suggest you google "DMZ" and then quickly read the Wikipedia entry and any others you desire if that one doesn't explain it clearly enough.

October 6, 2009 at 07:09:03
I know what DMZ means, it's when you allow one computer to have full access to the external network, in this case, the internet. Based on what you are saying Curt, I can do a DMZ to many computers at once.

Anyways, my router is a Linksys WRT300N and it's terrible for VPN, even if I use DMZ. What's wrong with connecting the Internet directly to the Terminal Server box? I don't have to spend an extra 200 dollars on a router if I do it this way.
