Dear all
I have 3 subnetwork in my lan ( 192.168.1.0/24 ( net_a),

192.168.2.0/24(net_b), 172.16.0.0/16(net_c)).

I made vpn tunelin from net_a to net_b also to net_c.
net_b--(vpn-client_b_to_a)--internet

---((vpn_gw_a)net_a)---lan--(vpn_client_a_to_c)---internet--((net_c)vpn_gw_c)
Bellow network skema:
- vpn_client_b_to_a :

ip: 192.168.2.1

ipsec.conf :

a_lan="192.168.1.0./24"

b_lan="192.168.2.0./24"

vpn_gw="my ip pubcli vpn_gw"

ike esp from $b_lan to $a_lan peer $vpn_gw pask mypassword

ike esp from egress to $a_lan peer $vpn_gw pask mypassword

ike esp from egress to $vpn_gw

static routing :

route add 192.168.1.0/24 192.168.2.1

---------------------------------------------------------------
- vpn_gw_a :

ip: 192.168.1.5

ipsec.conf :

a_lan="192.168.1.0./24"

b_lan="192.168.2.0./24"

vpn_gw="my ip pubcli vpn_gw"

ike esp from $a_lan to any srcid  $vpn_gw pask mypassword
static routing :

route add 172.16.0.0/16 192.168.1.3

---------------------------------------------------------------
- vpn_client_a_to_c :

ip: 192.168.1.3

Nokia-ip60 (setup vendor )

static routing :

route add 192.168.2.0/24 192.168.1.5

---------------------------------------------------------------

======================================

I can akses comp in net_a from net_b ( ping running application etc)

I can remote comp in net_b from net_a ( ping , remote , print (

jetdirect ), etc )

I can remote desktop citrix in net_a to net_c

=======================================

Then i want net_b can acces remote citrix in net_c , so i made static routing :

--- 192.168.1.3 ping statistics ---

2 packets transmitted, 2 packets received, 0.0% packet loss

round-trip min/avg/max/std-dev = 3.759/3.906/4.054/0.160 ms
#route add 172.16.0.0/16 192.168.1.3

#error network can be reached
so how i cant made net_c access able from net_b ?
for detail my network please see in

http://sonjaya.web.id/boboko/vpnsitensite.pdf
--

sonjaya

http://sicute.blogspot.com