We updated BM3.7SP1 to SP3. Also updated NW6.0 to SP4. Have an
application that requires a Cisco VPN client (Ver 4.01)to connect to VPN
Server (Cisco VPN Concentrater)outside. Generic UDP proxy is configured
with VPN Server's IP address and listens on Ports 500 and 4500.

After upgrades VPN client will create tunnel and seems connected but does
not support traffic. The VPN server is at a government department which
limits testing options. Only test I have is to telnet a host on a high
port - this fails to connect over the VPN.

Cisco VPN Client with same config works on machine with direct internet

Unloaded Filtsrv temporarily - didn't help.
Checked access rules - no issues.
Performed packet traces on workstation interface with ethereal, packet
scans on both BM server interfaces. All traffic is on port 4500 and seems
to be sent and received.
Added Craig Johnson's proxy.cfg.
Cannot see any logs for generic UDP proxy. Export produces 0 records even
though logging is turned on.

Built a test BM 3.8 Server with NW6.5 SP1.1. Same behaviour.

I can backrev the production BM server to SP1 but reluctant to do this.

Any ideas?

John Randall