Please see my config below. I have 2 site to site VPNs setup and a pool of Remote VPN users. The site to site VPNs have overlapping private network ranges (192.168.1.x) with my private range which I use for both the hosts that site behind my firewall as well as the remote users (bad practice I know, I'll correct it soon). I've successfully allowed the Site to Site VPN users to access the PUBLIC IP address of 2 specific hosts behind my pix. My remote VPN users can access the 2 specific hosts via the PRIVATE IP addresses only. All other public traffic to the two hosts should be blocked. The problem is, I want the Remote VPN hosts to access these 2 specific hosts by using the public IP address via the VPN tunnel...if I do this now, it uses the internet to resolve the IP and thus gets blocked since no outside traffic is allowed to those hosts. How can I make the traffic to the two hosts go over my remote VPN instead of the internet when split tunneling?