So, non-supported config, no solution needed (anymore), just a
strange story.
Customer had NW 6.0 servers with all patches, also BM 3.7 servers
patched and ready.

VPN / WAN in 2 different cities.
To make it easy (all IPs are fictional):

City 1;
internal net
External IP on BM-1

City 2;
internal net
External IP on BM-1

So, this weekend, the ISP had some big issues one night, making
everything go down. But when the lines came up again, nothing
worked site to site. The VPN didn't go up.

Everything was reset/rebooted, this includes routers, servers,
switches, etc. No help.

To test/check we unloaded all filters.
From city 1 we could ping, trace and access
the router in city 2 and internet.

From city 2 we could ping, trace and access
the router in city 1 and internet.

We could also from each site access everything else on the remote
site, web servers, other firewalls, other VPNs, when unloading their
filters. But regardless of how much we tried, we could never get BM-1
in city 1 to ping or trace BM-2 in city 2.

Next step was to do some packet captures.
What we found was that the BM-1 in city 1 did work when pinging the
router in city 2. A capture displayed both the protocol-1/icmp sent
and the response. But here's the strange part: when trying to ping the
BM-2 in city 2 from BM-1 in city 1, the capture did NOT show any
protocol-1/icmp sent, instead it displayed protocol 57 sent with no

Since this looked somewhat related to BM/VPN, we actually tried
rebooting this server again with BM/VPN "rem'd" from the autostart and
then retried pinging both the router and the BM-2 in city 2.
This time, the router displayed correctly in the capture, but even more
strange, the ping towards BM-2 does NOT occur at all in the capture.
Nothing, not a single packet towards the BM-2 IP, and this capture IS
done on the sending server, which obviously just doesn't send anything

So, once again, no solution needed, just a strange story that does
interest me to understand what happened. Since it was urgent, we simply
redirected the customer over to a newly created VPN over Netgear boxes
instead to get them up'n'running... sad part is... this was our last BM
- VPN in use and we had to kill it.

-capture was done via packetscan