Site to Site VPN - Openswan and CISCO A2A


Below is the diagram of the VPN connection between the Openswan server and the CISCO A2A.


Clients A and B are remote hosts with static IPs. Clients X and Y are behind the Cisco firewall.

I can see STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode in the log, so the tunnel between Openswan and the Cisco is up and running. But I can't even ping client X from VPN1.

  1. How do I configure client A to route traffic to client X through VPN1?
  2. Which iptables rules on VPN1 catch the traffic coming from client A and forward it to the Cisco?

Here is my ipsec.conf:

conn Linux-to-CISCO
    type=tunnel
    authby=secret                            # pre-shared key from ipsec.secrets
    left=<Openswan IP>
    leftsubnets={ client A/32 client B/32 }  # one SA per left/right subnet pair
    right=<CisCo IP>
    rightsubnets={ client X/32 client Y/32 }
    esp=aes256-sha1
    keyexchange=ike
    pfs=no
    auto=start

Nitheesh

Posted 2014-08-11T03:16:29.523

Reputation: 9

No answers
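The two questions above come down to a route on client A and forwarding rules on VPN1. The script below is an added example, not part of the question and not Openswan's own code; the addresses are constructed placeholders, and it assumes client A can reach VPN1 directly (same LAN, or VPN1 is already its next hop), since a host on the open internet cannot route via an arbitrary IP. The FORWARD rules use the iptables policy match so that only packets that actually belong to an IPsec SA are forwarded, and tunnel traffic is exempted from any NAT because a rewritten source address would no longer match leftsubnets.

```shell
#!/bin/sh
# Added example: Linux-side plumbing for the Openswan <-> Cisco setup described
# in the question. All addresses are constructed placeholders (RFC 5737 ranges).

VPN1_IP="${VPN1_IP:-192.0.2.10}"        # Openswan server (left=)
CLIENT_A="${CLIENT_A:-198.51.100.21}"   # host A from leftsubnets
CLIENT_X="${CLIENT_X:-203.0.113.31}"    # host X from rightsubnets, behind the Cisco
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print the commands, 0 = execute them

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# On client A: send traffic for X to VPN1, which places it in the tunnel.
# Assumes VPN1 is directly reachable from client A as a next hop.
client_a_route() {
    run ip route add "${CLIENT_X}/32" via "$VPN1_IP"
}

# On VPN1: forward between A and X, and keep that traffic out of any NAT.
vpn1_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    # Forward only the host pair the SA covers, and only when the packet is
    # bound to (or arrived through) an IPsec policy, so a plaintext packet
    # spoofing X's address from elsewhere is not accepted.
    run iptables -A FORWARD -s "$CLIENT_A" -d "$CLIENT_X" \
        -m policy --dir out --pol ipsec -j ACCEPT
    run iptables -A FORWARD -s "$CLIENT_X" -d "$CLIENT_A" \
        -m policy --dir in --pol ipsec -j ACCEPT
    # Exempt tunnel traffic from MASQUERADE/SNAT: a rewritten source would no
    # longer match leftsubnets and the Cisco would drop it.
    run iptables -t nat -I POSTROUTING -s "$CLIENT_A" -d "$CLIENT_X" -j ACCEPT
}

# Only run something when invoked explicitly, e.g. "./vpn1.sh vpn1" on VPN1.
case "${1:-}" in
    client-a) client_a_route ;;
    vpn1)     vpn1_forwarding ;;
esac
```

Run it with DRY_RUN=1 (the default) first to review the commands, then with DRY_RUN=0 as root on the respective host. Client B and client Y need the same pair of rules with their own addresses.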