
IPsec tunnel with Solaris 10... what am I missing?

0 votes
1 answer
201 views
I want to create a tunnel between two Solaris 10 nodes, encrypted with IPsec. The configuration is simple: 2 Solaris 10 nodes, LAN not encrypted, tunnel encrypted. The LAN interface is e1000g0 and the tunnel is ip.tun0.

- "Clear" IP for node1: 192.168.0.21
- "Clear" IP for node2: 192.168.0.199

I do this procedure:

a) Enabled IPv4 forwarding and routing on both nodes:

```
routeadm -u -e ipv4-routing
routeadm -u -e ipv4-forwarding
```

b) Edited /etc/inet/ike/config on both nodes:

```
p1_xform { auth_method preshared oakley_group 5 auth_alg sha encr_alg 3des }
p2_pfs 2
```

c) Edited /etc/inet/secret/ike.preshared on both nodes, of course with local/remote reversed:

```
{
    localidtype IP
    localid 192.168.0.21
    remoteidtype IP
    remoteid 192.168.0.119
}
```

d) Enabled IKE on both nodes; svcs confirms it is working:

```
svcadm enable ike
svcs ike
```

e) Edited the file /etc/inet/ipsecinit.conf:

```
# LAN traffic to and from this host can bypass IPsec.
{laddr 192.168.0.0 dir both} bypass {}
# WAN traffic uses ESP with AES and SHA-1.
{tunnel ip.tun0 negotiate tunnel} ipsec {encr_algs aes encr_auth_algs sha1 sa shared}
```

f) Refresh:

```
svcadm refresh ipsec/policy
```

g) Everything seems OK, so I create the tunnel:

```
svcs -a | grep -i ipsec
disabled   9:35:34 svc:/network/ipsec/manual-key:default
online     9:35:53 svc:/network/ipsec/ipsecalgs:default
online     9:35:53 svc:/network/ipsec/ike:default
online     9:54:38 svc:/network/ipsec/policy:default
```

On HostA:

```
ifconfig ip.tun0 plumb
ifconfig ip.tun0 192.168.192.24 192.168.192.40 tsrc 192.168.0.21 tdst 192.168.0.199 router up
```

On HostB:

```
ifconfig ip.tun0 plumb
ifconfig ip.tun0 192.168.192.40 192.168.192.24 tsrc 192.168.0.199 tdst 192.168.0.21 router up
```

Everything seems OK, but it doesn't work. HostA can ping HostB:

```
ping 192.168.0.199
192.168.0.199 is alive
```

HostB can ping HostA:

```
ping 192.168.0.2
192.168.0.2 is alive
```

But if I ping the tunnel...

From HostA to HostB:

```
ping -s 192.168.192.40
PING 192.168.192.40: 56 data bytes

----192.168.192.40 PING Statistics----
25 packets transmitted, 0 packets received, 100% packet loss
```

From HostB to HostA:

```
ping -s 192.168.192.24
PING 192.168.192.24: 56 data bytes

----192.168.192.24 PING Statistics----
25 packets transmitted, 0 packets received, 100% packet loss
```

On HostA, netstat -rn says:

```
netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.168.0.1          UG        1          1
192.168.0.0          192.168.0.21         U         1          3 e1000g0
192.168.192.40       192.168.192.24       UH        1          0 ip.tun0
224.0.0.0            192.168.0.21         U         1          0 e1000g0
127.0.0.1            127.0.0.1            UH        1         48 lo0
```

On HostB, netstat -rn says:

```
Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.168.0.1          UG        1          2 e1000g0
192.168.0.0          192.168.0.199        U         1          7 e1000g0
192.168.192.24       192.168.192.40       UH        1          1 ip.tun0
127.0.0.1            127.0.0.1            UH        3        122 lo0
```

What am I missing? The firewall is disabled on both nodes.
Asked by elbarna (13690 rep)
Feb 17, 2019, 09:04 AM
Last activity: Dec 25, 2024, 10:43 AM
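The procedure above spreads the same two addresses across three places: the `tsrc`/`tdst` arguments to `ifconfig`, the `localid`/`remoteid` entries in `/etc/inet/secret/ike.preshared`, and the peer's mirror-image files. With `localidtype IP`, IKE looks up the pre-shared key by the peer's IP identity, so a `remoteid` that does not equal the peer's tunnel endpoint means no key is found and phase 1 never completes, regardless of what the policy in `ipsecinit.conf` says. The script below is an added example, not part of the original post or of Solaris itself: it parses an `ike.preshared` entry with awk (a parsing choice of this example, not a Solaris tool) and compares the identities against the tunnel endpoints. The sample file it writes is constructed here from the values shown in the post (HostA's `tsrc 192.168.0.21 tdst 192.168.0.199` against `remoteid 192.168.0.119`), and the file contains no `key` line because the post shows none.

```shell
#!/bin/sh
# Added example, not from the original post: check that the identities in
# /etc/inet/secret/ike.preshared agree with the tunnel endpoints given to
# ifconfig (tsrc/tdst). A pre-shared entry whose remoteid differs from the
# peer's tunnel address will not be selected for that peer's IKE identity,
# so phase 1 cannot complete and no SA is ever installed for ip.tun0.

# Print the value that follows a keyword (localid or remoteid) in the file.
ike_field() {
    # $1 = preshared file, $2 = keyword. Exact field comparison, so
    # "localidtype" is not mistaken for "localid". First match wins.
    awk -v key="$2" \
        '{ for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }' "$1"
}

# Compare the ike.preshared identities with the tunnel's tsrc/tdst.
# Returns 0 when both match, 1 otherwise, and reports each mismatch.
check_ike_ids() {
    file=$1; tsrc=$2; tdst=$3
    localid=$(ike_field "$file" localid)
    remoteid=$(ike_field "$file" remoteid)
    status=0
    if [ "$localid" != "$tsrc" ]; then
        echo "localid $localid != tunnel tsrc $tsrc"
        status=1
    fi
    if [ "$remoteid" != "$tdst" ]; then
        echo "remoteid $remoteid != tunnel tdst $tdst"
        status=1
    fi
    return $status
}

# Write a constructed ike.preshared entry (IP identities only; no key line,
# matching what the post shows) to the given path.
make_preshared() {
    # $1 = output path, $2 = localid, $3 = remoteid
    printf '{\n    localidtype IP\n    localid %s\n    remoteidtype IP\n    remoteid %s\n}\n' \
        "$2" "$3" > "$1"
}

# Demonstration on HostA's values from the post (constructed sample input):
# tunnel is tsrc 192.168.0.21 tdst 192.168.0.199, preshared says remoteid
# 192.168.0.119. The check reports the remoteid mismatch and returns 1.
sample="${TMPDIR:-/tmp}/ike.preshared.$$"
make_preshared "$sample" 192.168.0.21 192.168.0.119
check_ike_ids "$sample" 192.168.0.21 192.168.0.199 \
    || echo "HostA: fix ike.preshared, then svcadm restart ike and retry"
rm -f "$sample"
```

Run the same check on each host with its own file and its own `tsrc`/`tdst`; both sides must pass, since each host's `remoteid` has to equal the other's `tsrc`. On the Solaris 10 hosts themselves, `ikeadm dump p1` shows whether a phase 1 SA was ever negotiated, `ipseckey dump` shows the SAs the kernel holds, and `ipsecconf -l` lists the policy actually loaded from `ipsecinit.conf`.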