Protection fail when using VPN server (3.* x32)

I have set up following scheme:

Interface 1 – my ISP’s LAN with external internet via VPN (IP 10.)
Interface 2 – VPN client to connect to ISP (IP that is logged now :))
Interface 3 – VPN server (Incoming Connections in winxp) (IP 192.168.
)
3 is NATed to 2 (via ICS)

Events:

– I connect to ISP
– Someone from LAN connects to my VPN
– This someone disconnects
– CIS stops monitoring interface 2. Any program can pass through it and also it is not shown in active connections. I need to reconnect to restore protection.

This bug appears in all versions I tried (starting from 3.5, maybe older too)

ps. for completeness: 32 bit, WinXP SP3, Avira Personal, any configuration, admin account
ps2. difficult to find a firewall that works flawlessly with my setup :frowning: