We are running a BM 3.7 VPN at work, and apparently no one can log in to internal servers/devices once connected. For instance, I am connecting via broadband using a Linksys BEFSR41 Cable/DSL router (firmware flashed to most recent version). I can connect to the BM public IP fine, but if I try to log in to another server using the IP address on the internal network, I receive the error: "The Tree or Server cannot be found". I am unable to ping at this time since all ICMP traffic is being blocked by our Extreme switches since the MSBlaster virus.

I am fairly new to the organization, but according to the engineer that implemented this, he states that users who come in via dial-up work fine, as well as users that connect from our parent company (also our ISP). It is only the users using high-speed connections (and I suspect behind NAT devices) from home that are having this problem. He says that there is some type of UDP checksumming going on that never allows the tunnel to be established, in essence breaking the connection. For some reason, I suspect that there might be some configuration issues that are preventing this from working. Let me tell you what I have observed:

In NWAdmin, "Encrypt only the following networks" is selected. Most entries show a full 32-bit subnet mask (255.255.255.255) and the actual subnet entry (10.x.x.x/20) containing the servers that require access was absent from the list. I have since added this entry.

In BM setup, there is an entry to allow VPN Clients to login to BM server.

The Public Interface = 128.x.x.x
The Private Interface = 10.90.x.x
VPTUNNEL IP = 192.168.1.x/24
My Internal subnet address (on Linksys) = 192.168.200.0/24

We do not have Cisco Routers at the edge. We are using a serial connection from the Extreme switch, which points back to our ISP which, by the way, is our parent company. Their subnet is also 10.x.x.x (I believe).

Our LAN is VLAN based, and all internal servers' default gateways point back to a port on the Extreme switch doing layer-3 routing, and that port's default GW points to the BM server. The BM server's Default GW is the external IP address assigned to the serial port on the Extreme switch.

There are no other static route entries on the BM server. According to my colleague, he is relying on RIP on the internal interface to advertise routes internally, so no others are needed. I would think that there would be at least one additional route entry on the external interface indicating that any traffic bound for our internal network would have to go to the private IP address of the BM server.

I hope that this post isn't too long. But I think that he's given up on making this work and I'd like to get this working. Any assistance would be appreciated.