Hi all,

I'struggling to figure out the filters to allow NDS sync, SLP, and NCP

logins over a Site to Site VPN, wonder if someone could help me out
here.

I had thought I could say:

Src Int: VPTunnel
Dest Int: Private
Pkt Type: VPTunnel (I'm assumming all VPN traffic goes over port 2010)


Src Int: Private
Dest Int: VPTunnel
Pkt Type: VPTunnel

But even with Pkt Type: ANY these exceptions still fail.

Does VPTunnel traffic get routed directly through to the Private
interface, or is routed first to the Public and then to the Private?
In
which case I guess I'll need two sets of exceptions one from the
VPTunnel to the Public VPN Address, and one from the Public VPN
Address
to the Private Address.

Cheers,

Neil