I have a new client-to-site VPN setup on BM38SP1. I built the VPN server
per Craig Johnson's book rev.3 (which is an excellent book, by the way)!
The VPN server is in its own tree in a DMZ. The client can authenticate
using NMAS/LDAP to the internal tree no problem. The tunnel gets
established and the client gets an ip address from the pool I created.
The client gets an error that the Netware login attempt failed. The user is
not logged into Netware.

If I monitor the VPN tunnel in Monitor/lan wan drivers I can see packets
received by the BM server but no packets are being sent back to the
client. If I ping an internal IP from the client I see an echo request
on the BM when doing a tcp ip debug from > 10.1.x.x. I have
tried logging in using ip address instead of a name but no luck there
either. I do get my SLPDA info and DNS that was entered in iManager
client/site setup. I'm suspecting a routing issue. All internal hosts use
a default gateway that is not the BM.

The clients are WinXP with all the latest client/patches for both VPN and
Netware client.

Any ideas?