Hello Cat and Craig!

I'm having trouble and I've read lots of news related to my problem, but until now I cannot see/ping an internal workstation or ping the private IP address of the BM server.

I promised the new suite to a client, but I'm not having success with it.

The network is really simple (in my lab):

External workstation: 200.233.XX.1 with VPN Client v3.8.9 over Windows 98.

BM Server with public IP 200.233.XX.38/255.255.255.0, and private 192.168.0.253/255.255.255.0. (SP3 + BorderManager 3.8 POST SP3 Interim Release-1) with Small Business Suite 6.5 Starter Pack with SP3.

Internal workstation with IP 192.168.0.1/255.255.255.0, Windows 2000 Pro with UltraVNC, default gateway points to BM server's IP address.

Two crossover cables connect the three network elements.

NAT version: I tried the old version (nw51_nat - 1.10 - May 2, 2000) because Cat has suggested it in another record, but it didn't work. I've gone back to NAT 10.00.04 - Jan 6, 2005.

TCP version: (domestic) 6.69.07 Jan 7, 2005; TCPIP.NLM version (domestic) 6.69.07 Jan 12, 2005.

INETCFG
->PROTOCOLS->TCP/IP-> IP PACKET FORWARDING: ENABLED("ROUTER"); LAN STATIC ROUTING: DISABLED; FILTER SUPPORT: ENABLED; NAT IMPLICIT FILTERING: DISABLED;

->BINDINGS->PUBLIC NIC->CONFIGURE TCP/IP BIND OPTIONS:->EXPERT TCP/IP BIND OPTIONS: -> NETWORK ADDRESS TRANSLATION:-> STATUS: STATIC AND DYNAMIC & NETWORK ADDRESS TRANSLATION TABLE: PRIVATE IP ADDRESS RELATED TO ITSELF.

-------------------------------------------------------------------------------------------------------
On SKIP mode:

VPNCFG: I've made the inputs to all respective fields, and VPN tunnel IP address: 192.168.99.1/255.255.255.0. After that I updated the VPN filters.

In the NWAdministrator:
BM Setup, VPN Tab, VPN Master with double click on the BM Server, I assigned protected IP Networks and Hosts the network address 192.168.0.0 (is that right?). Other settings are Encryption Capability: domestic; key management method: ISAKMP and other values are default.

VPN Client: I selected Encrypt Only Networks Listed Below and added 192.168.0.0/255.255.255.0.

At Access Rules, I added a rule to VPN Client: Allow, VPN Client, Source: Any, Destination: this server.

With legacy VPN I can log in to the VPN, but I can't ping the internal workstation.
-------------------------------------------------------------------------------------------------------

On IKE mode:

VPN Server Configuration: S-to-S selected as Master,
Server address: 200.233.XX.38/255.255.255.0 - Tunnel address: 192.168.99.1/255.255.255.0
IPX Wan address: ccccaa
C-to-S configuration:
address pool: network 192.168.99.0/255.255.255.0 (does it have any interference with the legacy VPN tunnel?)
Traffic rules: I have input all the rules I've read in Craig's book and one that permits reading workstation 192.168.0.1, where UltraVNC is running.
authentication rules: any user, NMAS authentication permitted with Logged selected;

In AUTOEXEC.NCF, I've written "SET NAT DYNAMIC MODE TO PASS THRU = ON".

In both cases I can log in to the VPN, but I cannot log in to NetWare, or ping the BM server's private IP address or the internal workstation's IP address.

Can you help me?
Fabio Ravazzolo