Craig and Lance,
I'll pick it up from here. Somehow my answers on both your replies
didn't
come thru.

I did a port scan on the public IF of the BM37 (GFI Languard Scanner
3.3)
but I don't seem to find any UDP port. Only TCP 353 (keepalive..??).
There is no difference in loaded or unloaded ipfilter .NLM. So I dug
up a
program named WUPS (Windows UDP Port Scanner, which only looks for UPD

ports) I also did a full range port scan (1-65535) and again no UDP
ports
found.

Still the NT4 WS VPN Client on the direct attached LAN on the public
side
of BM 37 (NAT, SET DYNAMIC MODE IS PASS THRU=ON)works fine.

A portscan from the Internet to the VPN Address on the BM 37 Server
shows
no different ports on the scan results other than the previous scan
directly on the public IF of BM 37 from that same NT4 WS.

So I have 3 questions here,
I suppose (mind this, I'm already less confident in this) I must have
a
VPN Client connection from the NT 4 WS on the Public IF LAN to the
BM37
server. When I look at the VPN CLient statistics page I see a lot of encrypted packets Sent and Received. Therefore I assume VPN is up and

running. The same results I get from the log of the VPN Server through

NWADMIN32. But how can I make definitly sure that VPN Client
connection
is OK?

BM 37 supports NAT on the Public IF of the BM server. But does it also

support NAT at the same time from the VPN CLient, if that PC is
attached
to the internet from a home network. From everything I've read, 3.7
does
support that and earlier versions didn't. Let's clear this.

Where are the UDP ports on the BM 3.7 public IF. The TID 2953912
(1999)
states that I only need Incoming TCP from >1024 to TCP 353.
And I need UDP 353 for keep alive.
The issue with Protocol 57 is still with the ISP. They don't seem to understand the Issue here so I've to wake them up again.

Thanks in advance for both your time and support so far.

Jan de Vries