Hi, I'm attempting to expand to another site using BM38sp5 VPNs, running on
NW65SP7, with both BM servers in the same tree.

I can't get communications happening between the 2 sites and I'm assuming
I'm doing something fundamentally incorrect in the setup. On the master site
the BM server is the gateway to the outside world, on the slave site the BM
server sits behind a DSL router. I've done the following, and am assuming it
is not correct.

1. Built the slave BM server on the master site, and added a root replica.
There are no partitions as yet so the new server has a copy of the whole
2. Configured the master BM server using the iMan plugins for all the certs.
The master's console screen shows it trying to connect to the slave
3. Configured the slave BM server using iMan for all the certs.
4. Added all firewall and filter exceptions as per the BM doco.
5. Taken the slave to the remote site and wired it in, it is the only
eDirectory server in this tree on site. The slave and master public
addresses can ping each other over the net.
6. The tunnel does not come up, I cannot ping the remote tunnel address
going either way, but can ping the local tunnel address so they are bound.
7. I can telnet the slave from the local network on the appropriate port.

Is there something I should be doing to take into account the public address
on the DSL router? At the moment the BM slave server's public address is
what the tunnel is using.
Is putting a replica on the server and taking it to a remote site the proper
procedure? I know this breaks the ring but don't know of any other way. I'm
assuming because it can still see all BM config and license objects that
this should work...?

Thanks in advance,