I have a pix to pix vpn that encrypts and works well for the 2 inside lans. Pix A is set up for vpn clients as well. From a connected vpn client to pix A what is needed to direct traffic that is destined to pix B inside lan over the established ips...