I have configured a RA VPN in a pair of Cisco ASA 5520 with LDAp authentication and local ip address pool. The RA VPN is working fine when I connect it from a direct internet with a public ip assigned to the client desktop without any firewall or inbound traffic restriction. But from office behind a firewall I can connect to the VPN but can not connect to any hosts over the VPN tunnel. The office Internet Firewall is configured to PAT all outgoing traffic without any inbound access. Can someone suggest what to configure in the VPN to allow connections via the vpn to the hosts behind the vpn when the vpn is being established from a PAT Global IP.