This sounds too weird to be true and I have no ideas right now.
We are moving to a different network soon and I wanted to temporarily
allow traffic from a Cisco VPN server to reach our servers while
things are moving.

The VPN is on the public side of the BorderManager 3.8 and it
terminates the encryption tunnel. Then it sends clear text to our
firewall. The servers have public IPs with static NAT so they can be
accessed from certain subnets. I have an example using bogus IPs.

From IP range the servers are accessible all the
time. The Cisco VPN issues IP addresses The filters
allow ALL traffic in and out from those two IP ranges.

When I ping from outside the network through the Cisco VPN, I do not
see the packets at our servers. However, if I make any change to the
filters, any at all, then save the filter, then the pings come through
for a while, and then, after about a minute, they are blocked again.

Every time I make a change to any of the filters, the pings from the
VPN server come through, then stop after a few minutes. The pings
from work all the time. Only the pings from the Cisco
VPN are affected.

Can someone figure out what I am overlooking here? Keep in mind that
the traffic from the Cisco server is clear text so encryption is not
the problem.