AT&T out here provides only PPPoE Internet accounts, and sets up the router as a NAT firewall = effectively no static IPs. However, these business accounts do include 5 static IPs, which, of course, the customer is paying for, but doesn't know about.

My client's software vendor would not enable printing and scanning (which he very much wanted) at his remote office until the two offices were connected with a HIPAA compliant VPN tunnel - so I really needed those statics.

I had LinkLine DSL put in at the remote site with a static IP and bridged Ethernet. No problem here, but how to get the statics to work on the already installed AT&T service at the main office?

Fortunately Motorola's site had clear and almost complete instructions on how to program the Netopia 3347 router to allow statics on a PPoE connection. They strongly warned that reprogramming the router this way would expose the inside network directly to the Internet, but they didn't bother to mention that stateful inspection (buried very deep in the menus) would reject all incoming requests.

Good Internet access from inside - nothing from outside. Took me a bit to resolve that little problem, but it's now all good.

I'm using a pair of Cisco RV 120W VPN routers to make the tunnel. These are very low cost and include 802.11n wireless access with HIPAA required WAP and a 4-port switch, both features needed at both ends of the tunnel. I had to set them for "Agressive Mode" to get them to connect, but I already knew that.

The Cisco routers aren't as flexible as the Linksys VPN units they replaced. With the Linksys you could have dynamic IP at one end, but with the Cisco routers it's static IP or FQDN (Fully Qualified Domain Name) at both ends.