Server Configuration for Mutually Authenticated Remote Access w/L2

I am having difficulties researching the complete configuration details for a
client situation. The situation is as follows:

- Windows 2003 Standard Edition ("Server")
- "Server" is the Domain Controller, with name XXX.LOCAL
- Local Clients
- NAT Firewall Router between "Server" and Fixed IP Address Broadband service
- Windows XP Remote Clients ("Clients")

The desired configuration is to have "Clients" connect to "Server" using
L2TP. "Server" is to have the external DNS name
"GATEWAY.exterrnaldomainname.COM.

The obvious way to verify the identity of "Server" to the "Clients" is to
use a properly signed X.509 certificate from a known Certification Authority.
That certificate in turn can be used as the root for "Server" generating
individual certificates to confirm the identity of the remote "Clients".

All of the material that I have located on the Microsoft www site so far
seems to presume that the Domain Name is the same as the DNS name.

This is a production system, so the solution, at least for the foreseeable
future must use 2003, an upgrade to 2008 is not in the cards for some time.

Assistance with the missing pieces of this puzzle would be appreciated.




Bob Gezelter