How do I use ipsec-tools to set up a Cisco IPsec VPN server?

I tried to use ipsec-tools to set up a Cisco IPsec VPN server on my openSUSE 13.1 VPS. I can connect to the VPN normally, but through the VPN I cannot reach anything on the internet except the server's own IP address.

My configuration:


# Global racoon settings: log level and the locations racoon reads from.
log info;
path include "/etc/racoon";
# File holding the IKE pre-shared keys. racoon.conf(5) requires this file to be
# owned by the user racoon runs as and not accessible by others — confirm the
# ownership and mode on this host.
path pre_shared_key "/etc/racoon/psk.txt";

# NOTE(review): the body of this section (the addresses racoon listens on) and
# its closing "}" are not present in the listing as posted.
listen {

# Phase 1 (IKE) settings applied to any peer that has no more specific
# "remote" section, i.e. every road-warrior client.
# NOTE(review): the closing "}" of this section and of the nested proposal
# are not present in the listing as posted.
remote anonymous {
        # Both main and aggressive mode are accepted. With pre-shared-key
        # authentication, aggressive mode sends a hash derived from the key
        # before the peer is authenticated, so the key can be guessed offline
        # from captured traffic; use a long random key, or drop "aggressive"
        # if the clients can do without it.
        exchange_mode main,aggressive;
        doi ipsec_doi;
        nat_traversal on;
        # "obey" accepts whatever lifetime and PFS values the initiator
        # proposes; "strict" or "claim" keep the server's own limits in force.
        proposal_check obey;
        # Security policies are generated from the client's phase 2 proposal
        # instead of being configured statically.
        generate_policy unique;
        ike_frag on;
        # Server role only: never initiate a negotiation.
        passive on;
        # NOTE(review): racoon.conf(5) writes these statements without "="
        # (e.g. "dpd_delay 30;") — confirm that the "=" form is accepted.
        # As written, a peer has to miss 800 probes spaced 30 seconds apart
        # before it is declared dead, so stale SAs can linger for hours.
        dpd_delay = 30;
 dpd_retry = 30;
 dpd_maxfail = 800;
 mode_cfg = on;
        # Single phase 1 proposal: AES with SHA-1 and DH group 2 (1024-bit
        # MODP), authenticated by pre-shared key plus XAuth user login.
        # Group 2 and SHA-1 are dated choices; prefer a larger DH group if the
        # clients support one.
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method xauth_psk_server;
                dh_group 2;
  lifetime time 12 hour;

        # NOTE(review): natt_keepalive is documented as a statement of the
        # "timer" section; the "timer {" header appears to be missing here.
        natt_keepalive 20 sec;

# Phase 2 (IPsec SA) parameters offered to any peer.
# NOTE(review): the closing "}" of this section is not present in the listing
# as posted.
sainfo anonymous {
        lifetime time 12 hour ;
        # The list still admits single DES and HMAC-MD5; a client may negotiate
        # them. Remove "des" and "hmac_md5" (and "3des" where clients allow) so
        # that only the stronger algorithms can be selected.
        encryption_algorithm aes,3des,des;
        authentication_algorithm hmac_sha1,hmac_md5;
        compression_algorithm deflate;

# Settings pushed to clients through ISAKMP mode config, and the XAuth
# authentication source.
# NOTE(review): no network4 / netmask4 / dns4 statements appear in the listing
# as posted, so the address pool start and the DNS server handed to clients are
# not visible here; the closing "}" is missing as well. Confirm that the real
# file defines them and that the pool matches the network used in the firewall
# rules.
mode_cfg {
        # Lets the client store the XAuth password locally.
        save_passwd on;
        pool_size 250;
        banner "/etc/racoon/motd";
        # XAuth logins are checked against the system account database, so any
        # local account with a valid password can authenticate to the VPN —
        # review which accounts exist on the server.
        auth_source system;
        # Addresses and other client settings come from this file.
        conf_source local;
        pfs_group 2;
 default_domain "local";

Edit sysctl.conf:

# Let the kernel route IPv4 packets between interfaces; required for VPN
# clients to reach anything beyond the server itself. Takes effect when the
# file is reloaded (sysctl -p) or at boot.
net.ipv4.ip_forward = 1

Configure iptables:

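# Network of the addresses handed out to VPN clients (the mode_cfg pool), in
# CIDR form. The value is missing after "-s" in the rules as posted, which
# makes iptables read the next option as the address; it has to be supplied
# here. The script aborts instead of installing a rule with an empty match.
VPN_POOL="${VPN_POOL:?set VPN_POOL to the VPN client pool in CIDR form}"

# Allow IKE (UDP 500) and NAT-traversal IKE/ESP-in-UDP (UDP 4500) to the server.
iptables -A INPUT -p udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j ACCEPT

# Source-NAT client traffic leaving through the public interface. "eth0" must
# be the interface that carries the default route — confirm on this VPS.
iptables -t nat -A POSTROUTING -s "$VPN_POOL" -o eth0 -j MASQUERADE

# Forward only traffic that originates from the VPN pool, plus replies to
# connections those clients opened. Without the second rule the replies are
# dropped whenever the FORWARD chain's policy is not ACCEPT.
iptables -A FORWARD -s "$VPN_POOL" -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Enable forwarding for the running kernel (the sysctl.conf entry covers reboots).
echo 1 > /proc/sys/net/ipv4/ip_forward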