we use one BM3.8SP3 Server on NW6.0 Platform.
VPN 1.0.0.x

VPN to the local LAN, where BM resides, works fine. The problem is the
connect to the other subnet: a normal ping works fine, but e.g. telnet to
one machine does not work.

The machine on the 172.23. subnet has a manual route entry:
route -p add mask

I used Craig's fantastic book, but found no solution. Also going through
different news. One solution, written by Caterina (dynamic NAT on private
interface), seemed to help, but we use BM not only for C2S, also for DMZ
with webserver, ... and so I had to remove the dynamic NATting.

Any ideas?