How to configure 2003 Server to replicate primary DC in WAN

Thank you for a rapid response.
Setting up boxes next to each other would be extremely difficult as one is in UK and other one in US.

SBS has already VPN configured. I can vpn to it easily from my laptop. However when I am trying to do it from the server I receive 800 error (couldnt establish connection). Perhaps it is related to Security Configuration Wizard? I managed to install only updates, after restart cannot browse any website.

Any ideas?

If I were you, I wouldn't set up a VPN from server to server. Set up a tunnel through your router/firewall. If your router/firewall does not support VPN, get 2 that do. They're not expensive. You can probably get a Netgear Firewall that supports VPN for under $200 (although I'd probably recommend spending a little more on a business class firewall... maybe Sonicwall).

This way, if your clients need to access resources on the other subnet, they can (without going through the server first).

Your servers probably aren't communicating because the Windows Firewall on the server isn't configured to allow VPN.

I tried to open Windows Firewall. Message popped up saying Windows Firewall cannot run because another program is running that might use the network address translation component (Ipnat.sys).
I tried to disable it in command prompt with "net stop ipnat" and "sc stop ipnat" and in both I received that "The service has not been started".

Oh yeah, forgot that the Windows Firewall is disabled.

try going to the command prompt and typing "telnet <ip address of sbs server> 1723"

If it times out, then you're not able to hit the PPTP VPN port on the remote server. If the screen goes blank, then that port is available and it's not a connectivity issue (could be invalid username or password or something else).

SBS server has internal IP. I cannot telnet to it unless VPN is configured. Then VPN cannot be configured because on of the routers doesn't support VPN. Vicious circle.

You'll still need to forward port 1723 from your router to the sbs server or people outside of the network will never be able to establish a VPN connection. After forwarding the port, you could then try the telnet test.

I can use VPN and telnet from my laptop but not from the server.

What can I do to be able to view websites? I removed Internet Explorer Enhanced Security and still don't work. Do you have any idea?

Ok. I disabled the Remote access / VPN and it worked. I tried to telnet again but it goes blank and after about 2min timed out. Although I can access Internet and remote desktop works (which was the main thing).

So when you're connected to the VPN, you can't connect to the internet?

Go to the properties of the VPN connection --> Networking --> TCP/IP --> Advanced and uncheck "Use default gateway on remote network".

Actually I'm connected to Internet but cannot to the VPN.

So how did you disable Remote Access / VPN then?

I disabled it in MMC snap-in. To make Internet work I removed Enhanced Internet Security in Add/Remove Windows Components.

I finally managed how to work around with VPN and RAS. VPN is configured (I guess) and RAS is up and running. I am able to connect to the main server in UK over the VPN connection. However when I am trying to add the secondary (new) server to the domain it says "The network path was not found". And again when I am trying to go for dcpromo, it moans that RPC is unavailable and "This condition may be caused by a DNS lookup problem."
Do you have any idea what to do?