Hi,
You can have your remote users to be able to access multiple subnets behind your Router/PIX/VPN3K, just make sure that if you have split tunneling configured they are included in that, in case of ALL tunneling its not an issue at all, offcourse make sure that users on 172.16/16 and 172.17/16, can route traffic back to pool of IPs that you are assigning to your remote access VPN users!
Let me know, if you have any further Qs.
Thanks,
Afaq