Subject: IPSEC/VPN configuration
To: None <netbsd-help@netbsd.org>
From: Brook Milligan <brook@trillium.nmsu.edu>
List: netbsd-help
Date: 12/24/2007 17:06:37
I am trying to configure an IPSEC VPN gateway.  Basically, I am
following the information on the NetBSD documentation

	  http://www.netbsd.org/docs/network/ipsec/rasvpn.html

and am using the example files in
/usr/share/examples/racoon/roadwarrior with IP addresses changed as
appropriate.

The IPSEC connection starts fine and I can connect to the VPN gateway
with no problems.  However, I am having trouble getting packets beyond
the gateway.

Here is an outline of the current network arrangement:

VPN client <--- [intermediate hosts on [A/24]] ---> VPN gateway
IP: 10.0.1.4                                        IP: [A]
VPN client IP: [B]                                  ARP: pub [B]

[A] -- public IP address of gateway
[A/24] -- public network of gateway
[B] -- public IP address of client assigned by racoon (within [A/24])

Packets from the client to the gateway are fine and involve NAT
traversal as expected (which occurs in the intermediate hosts
connecting the client to the network).  However, packets to other
hosts within the public network [A/24] seem to be lost.

First, I am a bit uncertain if this is a legitimate configuration.
However, something similar worked fine if all the addresses involved
were within the 10.162.41.0/24 network.  In that case, the packets
from the client came into the gateway on its public interface and were
routed to the 10 net.

Second, is it possible to make the VPN client appear to be on the
public portion of the gateway network as illustrated above?  I must be
missing something obvious here.

Any help is greatly appreciated.

Thanks.

Cheers,
Brook