I'm using BM 3.7.4 client+NW490client on a WinXP box over NAT on DSL.
I can get the VPN client to connect but can't ping anything internal
or login to the LAN unless I put in a filter exception to allow all
inbound traffic from the (external, not NATed) IP of the client. Once
I add that exception everything works fine but of course I don't want
to leave this exception in.

I don't have this problem on a Win2k box with the same clients over
cable with no NAT. I can connect and login without incident from that

What can I do to make that WinXP over NAT work without opening my
doors so wide to that IP address (besides it's not static so it won't
be reliable anyway).