Remote site:

Main site:
BM3.8.3 (had abends with BM3.8.4, so rolled back)

Clients: WinXP SP2, BM-VPN Client 3.8.9, Client 4.91.1 with NMAS + NICI from that

a few weeks ago everything worked smoothly. Now VPN users on a remote site
complain, that they cannot any more access the GW-Server at our main site.

It's true: When a BM-VPN3.8.9 client login is done, then the main site IP range
is listed in the VPN clients "protected netowrks" list. But the PINGs don't get
answered, and a GW-Client connect to the GW-Server is impossible.

Even from the local LAN it is *NOT* possible to ping the remote's site BM Server.
But from the remote's site LAN access to the main site's GW server *IS* no
problem, as well as pinging both ways all PC/servers. Also Client to Server
NWClient access is no issue at all, within the remote site's LAN and trough the
VPTUNNEL from our main site.

When dialing in with the VPN Client, the remote site's server *IS* answering to
the very first exactly 2 packets, then no further answers arrive back.

A RCONIP.EXE freezes within the first 30 seconds.

Unloading IPFLT doesn't change anything.

Any suggestions or ideas what might cause this? We are quite under pressure for
this issue...

Next week I'm planning to use the mirror port of the switch there to catch a
packet trace from the remote site's server switch port: Last time I used
PKTSCAN.NLM on a BM machine it only captured *THOSE* packets that weren't
dropped due to any filter rule: is that correct?

Thanks for any suggestion,

regardds, Rudi.