Since you are doing a site-to-site VPN, you will need to set up RRAS, from a static mapped external IP in the firewall, port forwarding 1723 and protocol 43 to the RRAS server.
You will need to create a user in AD and assign it a static IP in AD under dial-in properties. Typically the remote VPN will be set to dial, maintain and reconnect.
Once you verify that this specialized user is able to connect (it must be allowed in AD and in RRAS; typically an AD group is assigned for this purpose), you will need to apply routes to the dial-in user on the RRAS server. Then in your router core you will need to assign routes that have a gateway of your RRAS server. On the remote end, you will need to define a route for the internal networks to be pushed over the VPN tunnel.
Example:
Home office : 10.1.0.1/24
Remote office: 192.168.1.0/24
RRAS IP : 10.1.0.4/24
Remote firewall IP : 192.168.1.1
Remote username: "remoteoffice1" static IP assigned: 10.1.0.5
"static route for remoteoffice1" 192.168.1.0/24 10.1.0.5 (this gets inserted into the RRAS static route list)
Route to insert into the home office route list (static / BGP / RIP2, pick your poison)
192.168.1.0/24 10.1.0.4
Remotely:
192.168.1.0/24 gateway 192.168.1.1
Route in the firewall: 10.0.0.0/8 10.1.0.5. [some firewalls here will have a 'fake route' of 10.0.0.0/8 <VPN Tunnel>]
This is just an example; your real environment is likely very different.
In the PPTP side of the firewall:
username DOMAIN\remoteoffice1
password <some really long and difficult password>
Your 2003 VPN server being right on the Internet is going to cause all sorts of connectivity issues, including misregistered DNS names, improper IP management, etc. This is ignoring the fact that it will likely be "omgwtfowned" in less than a month and provide a) free access to your internal network, b) "Free VPN" to the rest of the world, or c) a botnet master.
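An added sketch, not part of the original post, that walks a packet hop by hop through the three route lists in the example above using longest-prefix matching, so a missing route shows up before the tunnel is blamed. The device names (home-core, rras, remote-fw), the connected networks and the sample host addresses are assumptions made for illustration.

```python
import ipaddress

RRAS_IP = "10.1.0.4"      # RRAS server on the home office LAN
TUNNEL_IP = "10.1.0.5"    # static IP assigned to remoteoffice1 (the tunnel)

# Directly attached networks per device (assumed from the example).
CONNECTED = {
    "home-core": ["10.1.0.0/24"],
    "rras": ["10.1.0.0/24"],
    "remote-fw": ["192.168.1.0/24"],
}
# Static routes from the example: (destination, gateway).
ROUTES = {
    "home-core": [("192.168.1.0/24", RRAS_IP)],
    "rras": [("192.168.1.0/24", TUNNEL_IP)],
    "remote-fw": [("10.0.0.0/8", TUNNEL_IP)],
}
TUNNEL_PEER = {"rras": "remote-fw", "remote-fw": "rras"}


def next_device(device, gateway):
    """Map a gateway address to the device that receives the packet."""
    if gateway == TUNNEL_IP:
        return TUNNEL_PEER.get(device)   # only tunnel endpoints can use it
    if gateway == RRAS_IP:
        return "rras"
    return None


def trace(start, dst, routes=ROUTES, max_hops=8):
    """Return the list of devices a packet visits, ending in its outcome."""
    dst = ipaddress.ip_address(dst)
    device, path = start, []
    for _ in range(max_hops):
        path.append(device)
        if any(dst in ipaddress.ip_network(n) for n in CONNECTED[device]):
            return path + ["delivered"]
        matches = [(ipaddress.ip_network(n), gw)
                   for n, gw in routes.get(device, [])
                   if dst in ipaddress.ip_network(n)]
        if not matches:
            return path + ["no route"]
        _, gw = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix wins
        device = next_device(device, gw)
        if device is None:
            return path + ["unreachable gateway"]
    return path + ["loop"]


if __name__ == "__main__":
    print(trace("home-core", "192.168.1.50"))  # constructed remote host
    print(trace("remote-fw", "10.1.0.20"))     # constructed home host
```

Calling trace() with a copy of ROUTES that omits one entry shows where traffic stops when that route is forgotten.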