After authentication to the VPN C2S server the client can't ping any
corporate IP addresses.


Facts:
NW6.5sp1, BM3.8, VPN C2S:

- BM PUB IP: 100.100.100.100
- BM PRV IP: 10.20.30.2 / 255.255.0.0
- BM is not the default router. Cisco 3600 is the main prv router (IP 10.20.30.1 / 255.255.0.0). It is configured to direct all traffic from corporate lan for destination 0.0.0.0 to 10.20.30.2.
- BM is configured to direct all traffic for destination 0.0.0.0 to pub router (IP 100.100.100.200)
- VPN C2S is configured in iManager 2.0. The rule is configured to give one IP address from pool 10.20.90.1 - 10.20.90.10 for authenticated VPN client.
- VPN Client's PUB IP is 195.195.195.195 (that's the SDI router) and he is behind NAT. His PRV IP is 192.168.7.2 and the SDI router is 192.168.7.1

The VPN Client is successfully logged in with VPN Client 3_8 with NMAS authentication. The tab of VPN connection properties is showing his IP and 10.20.90.1 (first from assigned pool). But he can't ping 10.20.30.2, 10.20.30.1 or anything else. All packets are transmitted but there is no reply.
I have checked the situation with the PKTSCAN utility on my BM. Packets are captured on two interfaces (PUB and PRV) of BM. When the client is authenticated via VPN and pings 10.20.30.2, there are no packets captured by PKTSCAN (even on the PUB interface). But when the client pings 100.100.100.100, PKTSCAN has captured UDP encrypted packets (probably with ICMP ECHO REQUEST to 100.100.100.100 - I don't know because they are encrypted). So I think there's no routing between vpn and prv interfaces or between pub and prv. Or the pool assigned to the VPN connection (10.20.90.1 - 10.20.90.10) doesn't have the valid mask 255.255.0.0 so it can't reach the main corporate router 10.20.30.1 / 255.255.0.0.
Any suggestions my friends?

Do you know how Novell VPN works inside the server? I mean how is the routing from authenticated VPN client behind NAT to PRV LAN interface of BM? That's the trouble, that's the black magic...

stay QL
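Added example, not from the original post: a small longest-prefix-match model of the Cisco 3600's routing table, constructed only from the addresses given above (the connected 10.20.0.0/16 LAN and the default route to BM's PRV IP 10.20.30.2). It shows why a reply to a pool address such as 10.20.90.1 matches the connected /16 and is never forwarded to BM, while a packet to 100.100.100.100 is.

```python
import ipaddress

# Constructed from the post: the Cisco 3600's routes as described there.
# next_hop None means "directly connected" (the router ARPs for the host itself).
CISCO_ROUTES = [
    (ipaddress.ip_network("10.20.0.0/16"), None),                              # LAN, mask 255.255.0.0
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("10.20.30.2")),   # default -> BM PRV
]

# Assigned VPN pool from the post: 10.20.90.1 - 10.20.90.10
VPN_POOL = [f"10.20.90.{i}" for i in range(1, 11)]
BM_PUB = "100.100.100.100"


def lookup(routes, dst):
    """Longest-prefix match: return (prefix, next_hop) for dst, or None if no route covers it."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best


def classify(routes, dst):
    """Return 'connected' if the router would ARP for dst on its own LAN,
    the gateway address it forwards to otherwise, or 'unreachable'."""
    match = lookup(routes, dst)
    if match is None:
        return "unreachable"
    _, next_hop = match
    return "connected" if next_hop is None else str(next_hop)


def pool_report(routes, pool):
    """Map every pool address to how the router would deliver a reply to it."""
    return {addr: classify(routes, addr) for addr in pool}


if __name__ == "__main__":
    # Every 10.20.90.x address falls inside the connected /16, so the Cisco never
    # hands the reply to BM at 10.20.30.2; it expects the host on the local wire.
    for addr, via in pool_report(CISCO_ROUTES, VPN_POOL).items():
        print(f"{addr}: {via}")
    print(f"{BM_PUB}: {classify(CISCO_ROUTES, BM_PUB)}")
```

Feeding a pool that lies outside 10.20.0.0/16 (for instance 10.99.90.x, a constructed value) returns the BM address as next hop instead, which is the contrast to check against the pool the rule actually hands out.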