I need help identifying whether or not the following is a valid IPSec
deployment scenario before I waste a ton of time setting it up. Can someone
provide some guidance?

I have a W2K3 corpnet domain and recently set up a W2K3 server with a
hosting provider where there is only one NIC, which has the public IP assigned
to it.

All I want to do is keep a VPN or IPSec (whatever it takes, even ISA 2004 if
need be) connection between our domain network and that hosted server alive
so that we can manage that server in the hosted environment using the same
GPOs and AD accounts. I have already added the hosted server to the
corpnet domain. It would be great if it would only dial on demand when a
request was made for that NetBIOS or FQDN of the hosted server from the
corpnet, but I'd be content with an always-on connection too if that's what it

On our corpnet we are using RRAS (for inbound VPN clients) and ISA 2004 on
the same box which has a NIC going to the DMZ and an internal NIC to our

Would IPSec be the way to go to set up a secure / always-on tunnel between
the hosted server and our corpnet? I've read the usage scenarios online and
they are pretty confusing.