Variable state entry timeouts?

(This issue is on a NAT'ing router running ipfilter 4.1.23, on a
NetBSD 4.0beta machine. i386.)


I have a problem getting the Nortel Contivity client working
properly on a windows machine in my house. It seems to just "lose
connection" to the VPN server after 5-10 minutes. Looking at the
traffic flow, I'm not 100% sure what's wrong. Things seem to work
just fine, until at some point, for some unknown reason, the windows
machine doesn't send any outgoing traffic on the NAT-Traversed UDP
session for long enough that ipfilter/ipnat closes down the return
path for UDP data. UDP traffic "keep state" entries are kept open
for 60 seconds? Is there any way, perhaps even for a specific rule,
to change the amount of time a UDP return path state entry will
remain open without expiring?

Thanks. I don't think this is what's causing the problem, I think
it's likely some windows craziness. But, if I was able to increase
that timer to something more like 5 minutes, I think it may allow me
to work around whatever *is* causing the problem.

Thanks!

- Chris