I got it working going to public IP's with a filter for all interfaces
and
any address for both destinations. One filter going out to 7100 and
one
responding on 7100. Is going through the tunnel the preferred
method??
Obviously, it is secure. I am also running VoIP on my VPN's between
offices. I guess I will also need to change the link config for MTA's
to
point to private IP on BM box instead of Public's like I have now.

I thoroughly enjoyed your lecture on BM topics and purchased your
books.
Best books I have ever read on BM configs. Thanks a lot.