I have one server with 2 NICs. Public IP address of server is
xxx.xxx.xxx.67. Private server IP address is Server is
as master VPN, etc.

Client site router does DHCP. Client IP address is
site router obtains IP address from ISP dynamically.

I can login to server from public segment using VPN client software
doing a Win2K "Workstation Only" login. The client finds and attaches
server then properly executes the login script. In short, it works
perfectly. From that I conclude the server is correctly setup.

I can Telnet to server public IP address port 353 from remote site and

connect. I cannot connect to ports 213 or 2010. I get the same results
the server site from the public segment.

According to the server site ISP, the router is wide open and blocks nothing. According to remote site ISP, the only ports that matter are
destination ports. Neither ISP blocks anything. For testing purposes,
server site firewall was bypassed.

From client site I can ping server, but cannot login and execute login

script. And, yes, I've checked and rechecked VPN client settings re
destination IP address, context, username and password. Help.

Also, after resolving this issue I want to move users at the server
to the private segment. How do I route their browser traffic to the
segment. A default route is established from the server's public NIC (xxx.xxx.xxx.67) to the router (xxx.xxx.xxx.65)? How does NetWare know
send the return traffic from the public segment to the private
segment? Is
this a network route? Or host route? As I understand it, you never
setup a
default route on private segments.

How do NAT and filters fit into all of this? Do I need NAT or
filtering at

Thanks for the help.