I've just installed and configured a Client-to-Site VPN server on my BM
3.8 box (on NW 6.5). The NIC with the public address has dynamic NAT
enabled to my internal private addresses. Patches available up to today
are in place.

This appears to be the classic without filters loaded – works great,
with filters loaded – no connection. Indeed, without the filters loaded
I can log in and exist just as if I were connected on the local LAN.
Works very nicely.

OK, I believe its a filter exception problem. Candidly, after I've gone
through all the readings available, after following all the "if this –
then do this", "if this version – then do this", "if you want this –
then do this", and running the vpncfg and brdcfg NLM's a few times; I
have obviously taken a wrong turn somewhere.

Is there a list of the couple of filter exceptions necessary to make
this vanilla C-S VPN work?

BM 3.8 on NW 6.5
Single Box
Public addressed NIC has dynamic NAT
No secondary addresses anywhere
No legacy support needed
No IPX needed

When I first looked into filtcfg I saw basic exceptions dealing with my
proxys as well as some other items. Absolutely nothing dealing with
VPN. The additions I've made to deal with VPN are obviously not correct.

Thanks for any help here. Much appreciated.