GOOD2USE Knowledge Network: Getting VPN Clients to Work Through NAT Firewalls


First thing to check is whether your router has any settings for PPTP or IPsec "pass through". These are commonly found in Linksys routers but you may have to hunt around for them. Figure 1 shows a shot of the bottom of Linksys' BEFSR41 Filters screen, which contains separate enables for PPTP and IPsec pass through.


Figure 1: Linksys BEFSR41 VPN Pass through enables

All you need to do is enable the setting for the VPN protocol that you're using, reboot your router and, if you're lucky, the VPN connection will come right up.
Note: Not all routers have these enables and the lack of them doesn't necessarily mean that you can't get VPN working.

Open up that Firewall

If there is still no connection, try opening some ports in your router's firewall to get your VPN connection made. In each case, you'll need to open the specific ports (and protocol) to the IP address of the computer that you're running the VPN client on.
NOTE that port mappings work with only one computer at a time. If you have multiple VPN clients that you need to connect, your router will have to support the VPN protocol that you're using without requiring ports to be opened.

If you're using Microsoft's PPTP protocol, TCP port 1723 is the port you'll need to forward to allow PPTP control traffic to pass. Figure 2 shows the Forwarding screen on a Linksys BEFSR41 set to forward this port to a client with IP address 192.168.5.100.


Figure 2: Linksys BEFSR41 VPN Port forwarding

PPTP also needs IP protocol 47 (Generic Routing Encapsulation) for the VPN data traffic itself, but note that this is a required protocol, not a port. The ability to handle this protocol must be built into the router's NAT "engine" - which is true of most present-generation routers.
IPsec-based VPNs need UDP port 500 opened for ISAKMP key negotiations, IP protocol 51 for Authentication Header (AH) traffic (not always used), and IP protocol 50 (Encapsulating Security Payload, ESP) for the encapsulated data itself.
Again, the only "forwardable" item here is UDP port 500, which Figure 2 also shows programmed to the same LAN client machine. Support for protocols 50 and 51 must be built into your router.

Tip: Some routers allow only one VPN tunnel to be opened and used by a single client. Others support multiple tunnels, but with one client per tunnel. Unfortunately, most vendors don't make the VPN pass through capabilities of their products clear in their documentation, nor do they have support staff properly trained to provide this information either. In most cases, your only option is to try a router in your specific application, and make sure you can return it and get your money back if you can't get it working.
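As an added example (not from the original article), the following Python helper turns the port and protocol list above into iptables commands for a Linux-based router, and checks an existing forwarding table for the one-client-per-port limitation noted earlier. The WAN interface name eth0, the rule layout and the sample forwarding table are assumptions; on Linux, the raw-protocol rules for GRE, ESP and AH also depend on the kernel's connection tracking understanding those protocols, which is the "built into the NAT engine" requirement in router terms.

```python
# Added example: required NAT entries for PPTP and IPsec clients behind a router,
# rendered as Linux iptables commands, plus a check of an existing forwarding table.
# Interface name and rule layout are assumptions, not the article's.

# (kind, number, purpose): tcp/udp entries are forwardable ports; "proto" entries
# are raw IP protocols the router's NAT engine must understand (no port to forward).
VPN_REQUIREMENTS = {
    "pptp": [("tcp", 1723, "PPTP control channel"),
             ("proto", 47, "GRE, carries the PPTP data traffic")],
    "ipsec": [("udp", 500, "ISAKMP/IKE key negotiation"),
              ("proto", 50, "ESP, the encapsulated data"),
              ("proto", 51, "AH, authentication header (not always used)")],
}


def iptables_rules(vpn, lan_client, wan_if="eth0"):
    """Return the iptables commands that steer one VPN client's traffic to lan_client."""
    rules = []
    for kind, number, purpose in VPN_REQUIREMENTS[vpn]:
        match = f"-p {kind} --dport {number}" if kind in ("tcp", "udp") else f"-p {number}"
        rules.append(f"# {purpose}")
        # DNAT inbound packets arriving on the WAN side to the single VPN client
        rules.append(f"iptables -t nat -A PREROUTING -i {wan_if} {match} "
                     f"-j DNAT --to-destination {lan_client}")
        # and let the translated packets through the FORWARD chain
        rules.append(f"iptables -A FORWARD -i {wan_if} -d {lan_client} {match} -j ACCEPT")
    return rules


def audit_forwards(vpn, lan_client, existing):
    """Check an existing forwarding table (list of (kind, number, lan_ip)) for one client.

    Returns (missing, conflicts): missing lists required entries absent for lan_client;
    conflicts lists entries already mapped to a different LAN host, which matters
    because a port or protocol mapping can point at only one computer at a time.
    """
    missing, conflicts = [], []
    for kind, number, _ in VPN_REQUIREMENTS[vpn]:
        owners = {ip for k, n, ip in existing if (k, n) == (kind, number)}
        if lan_client not in owners:
            missing.append((kind, number))
        conflicts.extend((kind, number, ip) for ip in sorted(owners) if ip != lan_client)
    return missing, conflicts


if __name__ == "__main__":
    # constructed sample: the router already forwards TCP 1723 to a different machine
    table = [("tcp", 1723, "192.168.5.101"), ("udp", 500, "192.168.5.100")]
    print("\n".join(iptables_rules("pptp", "192.168.5.100")))
    print(audit_forwards("pptp", "192.168.5.100", table))
```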

In order to connect remote workstations to a central server, a concentrator is required. This takes the form of a VPN firewall/router similar to the SG300, with an address of 192.168.0.1.
The box sits between the workstations and the modem and connects to the modem using a straight-through cable. This produces an entirely different addressing scheme from that provided by a modem router. The modem/router will probably contain a DHCP server that hands out IP addresses for the workstations of the form 192.168.1.nn. The SG300 also has a DHCP server, and it is this one which defines the LAN addresses. The workstations will need to be given specific IP addresses as follows:

  1. Click Control Panel and Network Connections
  2. Right click on the LAN definition and click Properties
  3. Select TCP/IP and click Properties
  4. Check the box 'Use the following IP Address' and enter the address details, usually of the type 192.168.0.nn
This gives the workstation a new IP address that enables connection to the SG300. The modem will still have the standard address of 192.168.1.1.

The SG300 requires a connection to be defined to the central server. This will have the IP address provided by the ISP and a name that identifies the link. A username and password need to be supplied; any values that seem appropriate can be used.

A VPN client then needs to be defined on the workstation.





© Copyright 1998-1999 GOOD2USE