I currently have a PIX 515E running 7.2 code. I have a remote access IPsec VPN tunnel set up. I have an inside interface with 192.168.1.1 255.255.255.0 with a few internal servers etc. The remote access VPN clients get an ip from a pool of 10.180.180.1-10.180.180.5. They can communicate with anything on the 192.168.1.x network fine, that part is simple. The problem I am looking for an answer to is to be able to route beyond the pix. So say that all the 192.168.1.x clients in the local office nat to a public ip of 18.104.22.168, which gives them access to the internet, and some other devices within our local AS that only allow that IP by a telnet / ssh ACL. Is it possible to have the remote access VPN clients nat to that public IP somehow over the VPN tunnel to give them access to the equipment beyond the firewall?