Using BM3.8 SP3 + IR1 and IR2beta and Authgw.nlm from SP4beta.

BM server is in DMZ (using Netscreen) and only 1 network card.
Routing is configured on Netscreen so IP range for VPN Clients is
routed to the BM server.

VPN Client can connect and gets policies.

I have put a sniffing tool in the DMZ zone.

Following situation:
1) VPN Client ping to station in trusted zone:
- On sniffer, I see ICMP echo from Client to PC and ICMP echo reply
going back to the MAC address of the BM server.
- ping timout on the VPN Client

2) PC in trusted zone ping to VPN Client:
- Can only see ICMP echo to MAC address of BM server, no reply.

3) PC in trusted zone ping to BM IP address of VPN tunnel works OK.

4) Ping from BM server to VPN Client: no response

On the VPN client statistics, I see only encrypted packets for
transmit, none for receive.

On the BM server VPN Monitoring, activity, Client, there are only
recived packets, none sent.

There are no filters active on the BM server

Is this a routing problem, or something else?