rdwarr -- internet -- (public address) nat dvce -- sg(4.10) -- 192.168.4.0/24

I am able to bring all three connections up; however, I am not able to ping the public IP address of my sg1 server. I am able to ping some IPs in the 192.168.4.x range; however, when I try to use telnet I cannot do that.

Suggestions are welcomed.

Thanks and happy holidays to everyone.

esv

Here are my config files....

roadwarrior .....
========================================================================
# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes
    strictcrlpolicy=no
    nat_traversal=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
    keyingtries=0
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    pfs=yes

conn lan2lan
    left=%defaultroute
    leftsubnet=192.168.254.0/24
    leftcert=ttte.no-ip.com.pem
    right=147.238.44.35
    rightnexthop=147.238.44.36
    rightsubnet=192.168.4.0/24
    rightid="blah...."
    rightrsasigkey=%cert
    auto=add

conn road-lan
    left=%defaultroute
    leftcert=ttte.no-ip.com.pem
    right=147.238.44.35
    rightnexthop=147.238.44.36
    rightsubnet=192.168.4.0/24
    rightid="blah...."
    rightrsasigkey=%cert
    auto=add

conn road
    left=%defaultroute
    leftcert=ttte.no-ip.com.pem
    right=147.238.44.35
    rightnexthop=147.238.44.36
    rightid="blah......"
    rightrsasigkey=%cert
    auto=add
=======================================================================

secure gateway.....
=======================================================================
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes
    strictcrlpolicy=no
    nat_traversal=yes
    # overridemtu=1430
    virtual_private=%v4:192.168.89.0/24

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
    keyingtries=0
    compress=yes
    disablearrivalcheck=no
    pfs=yes
    authby=rsasig

conn lan2lan
    rightsubnet=192.168.254.0/24
    also=road-lan

conn road-lan
    leftsubnet=192.168.4.0/24
    also=road

conn road
    left=%defaultroute
    leftcert=semex.com.mx.pem
    right=%any
    rightrsasigkey=%cert
    auto=add