We have a problem with our new LANcom routers we want to use to connect
our customers to the internet.
The router uses PPPoE to connect to the DSL provider, using NAT on that
external interface. When logging in with the Novell VPN-Client (3.8) to
the BM server (3.7), the login procedure finishes without any problems,
but no data packets are transmitted across the tunnel. The revision log
in NWadmin shows errors for every transmitted packet (the UDP port 2010
(AH) ICV is not matched, SPI=1, src=x.x.x.x, dst=y.y.y.y
(IP security error number 392)

When using a Windows 2003 server instead of the LANcom router,
everything works fine.

So I guess there is a problem with the NAT on the LANcom. I've made
ethereal traces from the packets before and after NAT on the LANcom and
on the Windows server, but I just can't find the difference.

Any idea what leads to the "(AH) ICV is not matched" error? I'd like to
talk to LANcom about the problem, but first I have to know what they
must change to get the VPN to work.

Kind regards,
Volker Schmitz