We are running a BM 3.7 VPN at work, and apparently no one can login to
internal servers/devices once connected. For instance, I am connecting
broadband using a Linksys BEFSR41 Cable/DSL router (firmware flashed
most recent version). I can connect to the BM public IP fine, but if I
to login to another server using the IP address on the internal
network, I receive the error: "The Tree or Server cannot be found". I am
unable to ping at this time since all ICMP traffic is being blocked by our
switches since the MSBlaster virus.

I am fairly new to the organization, but according to the engineer
implemented this, he states that users who come in via dial-up work
fine, as well as users that connect from our parent company (also our
It is only the users using high-speed connections (and I suspect
NAT devices) from home that are having this problem. He says that there
some type of UDP checksumming going on that never allows the tunnel to
be established, in essence breaking the connection. For some reason, I
suspect that there might be some configuration issues that are
this from working. Let me tell you what I have observed:

In NWAdmin, "Encrypt only the following networks" is selected. Most
entries show a full 32 bit subnet mask ( the actual

subnet entry (10.x.x.x/20) containing the servers that require access
absent from the list. I have since added this entry.

In BM setup, there is an entry to allow VPN Clients to login to BM

The Public Interface = 128.x.x.x
The Private Interface = 10.90.x.x
VPTUNNEL IP = 192.168.1.x/24
My Internal subnet address (on Linksys) =

We do not have Cisco Routers at the edge. We are using a serial
from the Extreme switch, which points back to our ISP which, by the
way, is our parent company. Their subnet is also 10.x.x.x (I believe)

Our LAN is VLAN based, and all internal servers' default gateways point
back to a port on the Extreme switch doing layer-3 routing, and that
default GW points to the BM server. The BM server's default GW is the
external IP address assigned to the serial port on the Extreme switch.

There are no other static route entries on the BM server. According to
colleague, he is relying on RIP on the internal interface to advertise
routes internally, so no others are needed. I would think that there
be at least one additional route entry on the external interface
indicating that any traffic bound for our internal network would have
to go to the private IP address of the BM server.

I hope that this post isn't too long. But I think that he's given up
making this work and I'd like to get this working. Any assistance would be