Connect networks over internet
I am trying to connect a couple of networks over the internet. There is a main network that uses an NT 4.0 domain server. There are two other networks that are just set up as workgroups in different locations. I would like for all the computers to be able to see each other like they are connected to the same workgroup. Can somebody tell me how to set this up or give me a place where I could find the info on how to do this?
Responses to this topic
Do you mean connect over the internet or a WAN line? Connecting over the internet is a no-no.
Just a quick note.
If you are working with primarily NT 4 servers (from what I have read) ... then create trusts and create PPTP VPN connections using RRAS found in the OPTION PACK. That will allow secure connections for your networks with the internet used as the medium. VERY ROUGH EXPLANATION.
Workgroups would be FAR easier to manage remotely if in a Domain security context. Principle is the same ... one machine seen as the bridgehead/proxy server.
Quite an enormous topic with numerous possibilities, combinations, and outcomes. IMHO, I would give US a lot more details to your setup so that the talented crew of NTcompatible could help you.
www.labmice.net
www.microsoft.com/technet
Here is more info on how the network is set up.
In the 3 locations almost all of the computers are running win98. There are a couple computers running XP and 2000. Each location is connected to the computer using a DSL router.
One location has the NT 4.0 server running with a domain server. There are computers that log in to the domain and some that just connect to the workgroup. This is the main location.
The second location is set up with a server but the computers are just connected using a workgroup.
The third location is just a peer2peer network using a workgroup. (Would I need to set up another server for this location?)
I am really just looking for the simplest ways to connect the 3 locations with enough security for outside people not being able to easily get access to the network.
I will look at VPN. Thanks for the help.
Well, here's a link for 2000 and NT (towards the bottom) on configuring VPN access. I would suggest reading those whitepapers. And from what I gather through your posts, these are my suggestions.
http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp
http://www.tek-tips.com/gviewthread.cfm/lev2/5/lev3/34/pid/463/qid/326646
http://www.wown.com/j_helmig/vpn.htm
1. If the 2 satellite sites just need to share resources with the domain, then all you need is to open PPTP (using NT as your RRAS) ports 1723 and Generic Routing Encapsulation.... GRE 47... on your DSL routers ... though most SOHO routers perform this rather poorly (get the latest firmware). Also install RRAS from the Option Pack on one of your NT DCs, unless of course you got a Win2k server that can handle RRAS.
2. If all 3 sites need to share resources equally then I suggest putting in a Radius server in each site to authenticate users who log in through PPTP.
3. I don't recommend using L2TP with IPSEC since NAT breaks this (correct me if I am mistaken) and since you have said your domain is NT 4 based. Though you may use L2TP/PPP.
Clutch and APK please critique or add more info he might need. I am in the middle of cursing at some dell perc3 drivers.
LOL, I'll take a peek at the info, but you have been very accurate with everything else you have posted that I don't think there will be an issue. However, I wanted to say that I was doing the same thing about my PERC3 controller in my Dell workstation at work, but I found out that the current distro of Gentoo supported the controller at boot, and it made my life much easier.
Now on a real quick overview of your points:
1. Sounds familiar (been a while since I had to set up our W2K VPN) but I do remember having to manually enable GRE support on our Cisco PIX.
2. Yep, although another way would be to use a w2k server that can route on demand to the VPN connection (I haven't had to do this, but it's similar to what you said in authentication and transparent to the user).
3. I have seen many consumer-grade gateways now supporting IPSec, including my Linksys BEFSR-41. I haven't had a need to work with it that much outside of a lab though.
Been trying to get a windows 2000 installation to install the latest perc3 driver without the hardware being there .... basically trying to move an entire hard drive image to dissimilar hardware .... Ugh! ... basically I am playing janitor and cleaning up.
PPTP is pretty decent for most applicable needs. GRE 47 carries the payload and port 1723 does the authentication. That GRE 47 is actually protocol ID and not a port number for any I have confused.
And yes, clutch is correct, there is IPSEC NAT traversal which allows it to pass through NAT as seen here ...
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0802.asp
So there ya go, another option for you to play with.
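The distinction drawn in this thread, TCP port 1723 versus GRE as IP protocol 47, can be checked directly against captured packets. The following is an added example, not part of the original thread: the function names are hypothetical and the three sample packets are constructed.

```python
import struct

PPTP_CONTROL_PORT = 1723   # TCP port of the PPTP control connection
IPPROTO_TCP = 6
IPPROTO_GRE = 47           # IP protocol number (IPv4 header byte 9), not a port
GRE_PROTO_PPP = 0x880B     # protocol type in PPTP's enhanced GRE header (RFC 2637)

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet as PPTP control, PPTP data (GRE) or other."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP:
        if len(payload) < 4:
            return "malformed"
        sport, dport = struct.unpack("!HH", payload[:4])
        return "pptp-control" if PPTP_CONTROL_PORT in (sport, dport) else "other-tcp"
    if proto == IPPROTO_GRE:                # GRE has no port fields at all
        if len(payload) < 8:
            return "malformed"
        flags, ptype, _plen, call_id = struct.unpack("!HHHH", payload[:8])
        if (flags & 0x0007) == 1 and ptype == GRE_PROTO_PPP:   # version 1 = PPTP
            return f"pptp-data call_id={call_id}"
        return "other-gre"
    return f"other-proto-{proto}"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Wrap payload in a minimal IPv4 header (constructed data, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]),
                       bytes([198, 51, 100, 20])) + payload

def constructed_samples() -> dict:
    """Three constructed packets: control, data, and a UDP 'port 47' look-alike."""
    return {
        "tcp/1723": ipv4(6, struct.pack("!HH", 49152, 1723) + bytes(16)),
        "gre": ipv4(47, struct.pack("!HHHH", 0x3001, 0x880B, 0, 7) + bytes(4)),
        "udp/47": ipv4(17, struct.pack("!HH", 49152, 47) + bytes(4)),
    }

if __name__ == "__main__":
    for name, pkt in constructed_samples().items():
        print(f"{name:9} -> {classify(pkt)}")
```

A router rule that forwards TCP or UDP port 47 would match only the third packet and never the GRE data channel.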