I have a vendor who needs access to a pcanywhere host inside my
I set up the filers as described in Craig Johnson's book (the 4 filter

exceptions) and it has worked perfectly for more than a year. BUT we
using all public IP's inside the network.

Now we've turned NAT on and I can't get pcANYWHERE 10 through any
On the BM server I used inetcfg to bind a public address to the
address (on the public interface) of the internal pc running host and

added the add secondary ip xx.xx.xx.xx in autoexec.ncf. I see the
when I do a display secondary ip. In my filters I specify the
internal ip
address of the PC running PC anywhere host and I have the remote user

specify the public address to connect to. When this didn't work, I
two filters (also in the book)as a stateful filter for udp port 5632
for tcp port 5631. Still didn't work. I took all the filters out and
them back in. The firewall has been rebooted. All my other filters
VPN work fine since the switch to nat.

If I take a pc outside the firewall and try to connect to the public address it times out. If I put the pc inside the firewall and try to

connect to the private address, it connects immediately.