I'm having problems connecting from a PC (static ip) through BM3.5 atLocation#1 to a remote Citrix which is behind a second BM3.5 at
Location#2.
See the trace below:



REQUEST LEAVING BM35#1 AT LOCATION#1

RECEIVE:pktid:33359 10.0.X.67->65.198.X.116 ttl:128 (TCP)

TCP:SYN Source Port:3147, Dest Port:1494 Sequence No.:15993648 Ack
No:0
Window:8

192 UrgPtr:0

FORWARD:pktid:33359 209.114.X.8->65.198.X.116 ttl:127 (TCP)

TCP:SYN Source Port:3147, Dest Port:1494 Sequence No.:15993648 Ack
No:0
Window:8

192 UrgPtr:0





REQUEST ENTERING/EXITING BM35#2 AT LOCATION#2

RECEIVE:pktid:33359 209.114.X.8->65.198.X.116 ttl:114 (TCP)

TCP:SYN Source Port:3147, Dest Port:1494 Sequence No.:15993648 Ack
No:0
Window:8

192 UrgPtr:0

FORWARD:pktid:33359 209.114.X.8->192.168.X.3 ttl:113 (TCP)

TCP:SYN Source Port:3147, Dest Port:1494 Sequence No.:15993648 Ack
No:0
Window:8

192 UrgPtr:0

RECEIVE:pktid:64424 192.168.X.3->209.114.X.8 ttl:128 (TCP)

TCP:SYN ACK Source Port:1494, Dest Port:3147 Sequence No.:1615401309
Ack
No:1599

3649 Window:65535 UrgPtr:0

FORWARD:pktid:64424 192.168.X.3->209.114.X.8 ttl:127 (TCP)

TCP:SYN ACK Source Port:1494, Dest Port:3147 Sequence No.:1615401309
Ack
No:1599

3649 Window:65535 UrgPtr:0



REQUEST RETURNING TO BM35#1 AT LOCATION#1

RECEIVE:pktid:64424 192.168.X.3->209.114.X.8 ttl:127 (TCP)

TCP:SYN ACK Source Port:1494, Dest Port:3147 Sequence No.:1615401309
Ack
No:1599

3649 Window:65535 UrgPtr:0

LOCAL:pktid:64424 192.168.X.3->209.114.X.8 ttl:127 (TCP)

TCP:SYN ACK Source Port:1494, Dest Port:3147 Sequence No.:1615401309
Ack
No:1599

3649 Window:65535 UrgPtr:0

Discard Incoming: cause(FILTERING), reason(5)



It appears that the private ip address of the Citrix server is not
being
translated to it's public equivalent as it leaves BM35#2 and is
subsequently
filtered as it enters BM35#1 after traversing a VPN set up between the

locations. Location#1 Citrix users on a second subnet as well as
outside
users are able to successfully establish sessions with the Citrix box
at
Location#2. The problem seems confined to the one subnet which was
added
after the IP's in the other were used up. I was able to duplicate theproblem on a test system and resolved it by correcting a misadjusted
filter
exception however the filter exception for the address used in the
above
trace allows all traffic between the PC and Citrix and the problem
still
remains. Something stuck?

Suggestions?

Tks, Rickl