First time remote access help needed.

algae

Senior member
Oct 26, 2000
916
0
0
So far I have gone through all the steps including enabling remote access on
my host pc, installing the client software on my other machine, and setting
up a VPN...which is configured with my host's ip address, which is static.
When I try to connect using my new VPN connection, I get a "no answer"
error.
Where do I go from here?
Tia for any help.
Gary
 

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
5,471
2
0
Check that the modem manufacturer and model number is directly supported, then upgrade to the newest drivers from the manufacturer (and Microsoft).

The modem may not be in Auto-Answer mode. I believe when you enable "Allow other computers to connect to me" (or whatever) it should send the modem some setup commands.

If it's an external modem, your serial cable may not have the right connections, try a serial cable with all pins connected (straight through)...if it's a 9pin-to-25pin cable, it should have at least 8, preferably 9 conductors.

If you have any other modems, FAX, anything else hanging on the same phone line with your server, try removing them, they might be answering the phone before your computer.

Try bumping up the timeout value on the dialing machine, maybe it just takes a while to get through your phone system....

Good Luck

Scott
 

algae

Aw sorry....forgot to mention...the host pc is on a cable modem. What are the implications of that?
Thx


G.
 

ScottMac

Does your VPN software/client know you're not on a modem?

Is there a firewall between you and the host you're trying to connect to? Which address are you aiming at; the external firewall, or the inside machine address?

C'mon...make it easy to answer without a zillion questions....What are you using, and how do you have it set up?

Gotta know...

Scott
 

algae

Thx Scott,
Yep there's a firewall on both ends. I'm trying to connect to the ip of the host...the one with the cable modem. Does the client know that the host is not a dial up?....don't know...I have to check tomorrow. In the meantime what do I do with the firewall?


G.
 

ScottMac

Standard Disclaimer:

First of all, unless you have specific permission to remotely access the company's resources, don't do it, it's usually grounds for immediate dismissal, and it's usually a zero tolerance policy. It has to be, deal with it.

OK, well, from the origination side, you shouldn't need to do anything, unless you're running some kind of proxy, usually not an issue other than you have to remember what the "outside" / public address is, in case you have to allow traffic from that address through the destination's firewall (figure you'll have to, that's the norm).

The rest is gonna be fairly general, since you're being sparse with details.

From here out, when I say the origination address/source address, I'm talking the outside address of the source's firewall/NAT, the public address, the one everyone on the Internet would see if you had "Respond to PING" enabled on the outside of your firewall.

If the VPN terminates at the firewall, register the source address with the firewall VPN process, fill in the details as requested, make a note of the parameters (or get 'em from the admin) and make sure they match your client (like 3DES, DES, whatever encryption, handshake, etc.). You're done.

If the VPN terminates inside the firewall: Find out what ports your VPN system uses (IPSEC stuff is usually 500, I think), set up the firewall to allow those ports from your source address to the VPN server...those ports only, only from your address to the VPN box's address.

Set up or get the parameters from the VPN box, make sure they match with the client (your home PC). Add the account to allow connection on the VPN box.

On your client (the source machine), aim your VPN at the external address of the firewall at work, that's the address that everyone on the Internet would see if you allowed PING response. The firewall should recognize your address, verify that it's an acceptable port from that address, then forward the packet to the VPN box.

The VPN box will also do authentication and authorization (usually), then do the handshake to set up the VPN tunnel. Your firewall on the source side MAY need to have a "hole" to allow traffic from the destination firewall's external IP using the correct port numbers (again, I believe it's port 500)...since some firewalls will allow established sessions to come back through, you may not have to open a hole on your side....if it's a tight firewall, you probably will have to....it depends.

Once the tunnel is established, the VPN box will give your source machine an internal address, and all traffic from your machine will pop up on the internal network with the newly issued (temporary, usually) address. Some boxes will route it out to the LAN, some will do a "default gateway" to an inside router, some will just dump you on some segment.....it depends.

The things to remember are: When something asks for an address, 99% of the time it needs the EXTERNAL address (the Internet Side) of the firewall/router/whatever.....You're dealing with firewalls, so you almost certainly have to "make a hole" through the firewall using the explicit addresses (source & destination) and port numbers (and probably TCP or UDP packets or both). The looser you are with those parameters, the more exposure and risk you run of some undesirable getting through.

You MUST EXACTLY match the parameters of the server-side and client side. The keys have to match. The tunnel names might have to match, the access groups probably/certainly have to match.

AGAIN: don't try this without permission. Talk to the firewall person/people, talk to the VPN person/people. If you're them, you need some training....it's not something you can get from a BBS system (or at least without a sh*tload of bleeding). If you're using the MS VPN system in Windows...be very, very careful...it's just barely "commercial grade," and I'd almost bet there's cracks posted far & wide on the hacker sites.


Good Luck

Scott
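
Added example, not part of the original posts: a small Python audit of proposed firewall "hole" rules against the advice above (one explicit source address, one explicit VPN box address, only the VPN's ports, protocol named). The rule format, the addresses (documentation ranges) and the `VPN_PORTS` value are assumptions made for illustration; set `VPN_PORTS` to whatever your VPN product actually uses.

```python
import ipaddress

# Constructed values (documentation address ranges), not from the thread.
CLIENT_PUBLIC = "203.0.113.10"  # public address of the source side's firewall/NAT
VPN_BOX = "198.51.100.20"       # address the firewall forwards VPN traffic to
VPN_PORTS = {("udp", 500)}      # assumption: the port the post mentions; adjust to your VPN

def _single_host(label, cidr, expected, findings):
    """Flag a CIDR that is wider than one host or is not the expected host."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.num_addresses != 1:
        findings.append(f"{label} {net} covers {net.num_addresses} addresses")
    elif net.network_address != ipaddress.ip_address(expected):
        findings.append(f"{label} {net} is not {expected}")

def audit_rule(rule):
    """Return findings for one allow rule; an empty list means it is tight."""
    findings = []
    _single_host("source", rule["src"], CLIENT_PUBLIC, findings)
    _single_host("destination", rule["dst"], VPN_BOX, findings)
    lo, hi = rule["ports"]
    protos = ("tcp", "udp") if rule["proto"] == "any" else (rule["proto"],)
    if rule["proto"] == "any":
        findings.append("protocol is 'any'; name TCP or UDP explicitly")
    # Count how many of the VPN's ports the rule covers, and how many extras it opens.
    needed = sum(1 for pr, p in VPN_PORTS if pr in protos and lo <= p <= hi)
    extra = (hi - lo + 1) * len(protos) - needed
    if extra:
        findings.append(f"{extra} port(s) open beyond what the VPN uses")
    if needed < len(VPN_PORTS):
        findings.append("rule does not cover every VPN port")
    return findings

# Constructed sample rules in a hypothetical dict format.
_BASE = {"src": "203.0.113.10/32", "dst": "198.51.100.20/32",
         "proto": "udp", "ports": (500, 500)}
RULES = {
    "tight": dict(_BASE),
    "any-source": dict(_BASE, src="0.0.0.0/0"),
    "wide-ports": dict(_BASE, ports=(1, 1024)),
    "whole-lan": dict(_BASE, dst="198.51.100.0/24", proto="any"),
}

def audit_all(rules=RULES):
    """Audit every named rule and return {name: findings}."""
    return {name: audit_rule(r) for name, r in rules.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else findings)
```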
 

algae

Thanks Scott...also thanks for the heads up regarding the security issues...in this case however I AM the company:)....
Thx again.
G.