OK, you VPN and packet filtering gurus out there, I need the correct
syntax to manually set up filters for my Site-to-Site VPN. Here is the

1. Master VPN server at one location, Slave VPN server at another
location, connected by Site-to-Site VPN. Netware 6 SBS on both ends,
patched to SP5. BMEE 3.6 patched up to latest level on both ends.

2. VPN tunnel establishes and IPX bound and stays bound with no
problem. IP call made from master to slave over tunnel, established
master-to-slave. However, IP will not established from slave-to-master
unless the master sends continuous PING requests to the slave. As long
as PING is running from master-to-slave, then the slave and the
workstations on the slave network can establish IP connections through
the tunnel. If PING is turned off from master-to-slave, as soon as
there is no IP traffic from the slave to the master, the "call
connection for protocol IP" is disconnected, and the IP is unattached
from the slave side. It remains established from the master side, and
the IP on the slave side will re-establish as long as PING starts again
from master-to-slave.

This has GOT to be some kind of keep-alive or timeout filtering problem,
but after looking at a bunch of TIDs, I'll be danged if I can figure it
out. The "Update VPN filters" in VPNCFG doesn't do it. Setting up
site-to-site filters according to Craig's filtering book doesn't do it
either. Could it be an IPFLT31.NLM problem? BMEE 3.6 installs with a
version of IPFLT31 which dates to 2002, while NW6SP5 (and NW6SP4)
installs a version which dates from 2003.

I'd love to be able to turn off PING and get this timeout/keep-alive
situation squared away in my filters. Any ideas out there???

Chip Reinhardt