I have a site to site vpn setup between country A and country B. We are using cisco pix515e on both sites. In country A our cisco pix515e is connected to 3 networks, office(192.168.x.x), dmz(172.16.x.x) and external. With the site to site vpn established country B office network is able to access country A dmz(172.16.x.x). We did not allow office(192.168.x.x) to be accessible via site to site vpn due to security. However country B need to access a server in country A office network. I did a NAT for 192.168.1.100 to 172.16.2.100. All my dmz servers can access my office server via 172.16.2.100 hence the NAT is working fine. But country B office network (192.168.5.x) could not access 172.16.2.100. My office server 192.168.1.100 gateway is pointing to my cisco515e. Why can't country B access my office server 192.168.1.100? Pls advise. Thks in advance.