vpn client behind bm3.8 sp1 doing dynamic nat on the public interface is
not able to connect to another bm 3.8 server

even with unload ipflt a connect a connect is not possible
if we route the vpn client over a linux firewall bypassing the bm it works

when using the bm as firewall we can see the following messages
"Retransmit timer expired :Peer lost our reply retransmit the old packet"
in ikelog.txt

after some of these messages the connect process starts again until the
client runs into an timeout

we already tried the beta patch of the netware 6.5 ipstack
the bm 3.8 runs on a netware 6.5 box sp1
the client version number is 3.8.2

any hints and ideas are welcome