We have currently set up our remote access VPN clients to use the AnyConnect client (eventually we would rather use IPSec, but that's for another post, most likely). Most documentation shows setting up the VPN NAT pool on a different subnet, so we currently have it set to the 192.168.3.0 network. We are able to access the network resources then only if we remote desktop in from there to an internal location. How can we allow this subnet access to our internal resources without using this workaround? I've tried assigning ACL's allowing that subnet in to the internal subnet, but it doesn't seem to make a difference.