VPN, NAT issue

bretcollins
Level 1

We have a PIX515e up and running. We currently have 5 site-to-site VPNs up and running, and we have several users who connect to the PIX using the VPN client. I have a request for a new site-to-site VPN. The remote site is requiring us to use a 6.x.x.x address scheme for NAT. They want to connect to a 6.x.x.x address and have us translate that to one of several servers on our internal network. The 6.x.x.x range is not registered to us, but the remote site says they are routing that network through the VPN tunnel. I can't use a nat (inside,outside) 6.x.x.x 10.x.x.x statement because the internal box won't be able to access the Internet. I've been doing some searching and have come across double NAT, but I'm not sure what to do next. I've always NAT'd our registered addresses to internal addresses with no problems, but this one has me clueless. Thanks for any help.

1 Reply

grant.maynard
Level 4

You need policy NAT - a static command tied to an access-list.

access-list NAT_to_3rdParty permit ip your_real_ips their_ips

static (inside,outside) 6.x.x.x access-list NAT_to_3rdParty

I think you'll need one pair of ACL/NAT for each server.

You'll need 6.3+ for this.
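The policy NAT approach from the reply, written out for two servers as an added example (not part of the original thread or the poster's configuration). All addresses, the ACL names, the crypto map name `outside_map` and its sequence number 60 are constructed placeholders; the `nat`/`global` pair stands in for whatever dynamic NAT the site already uses for Internet access, and the `!` lines are annotations rather than commands to paste.

```cisco
! Constructed sample values:
!   real servers      10.1.1.11, 10.1.1.12
!   mapped addresses  6.0.0.11,  6.0.0.12   (stand-ins for the partner's 6.x.x.x)
!   partner network   192.168.50.0/24

! One ACL per server: source = real address, destination = partner network.
! The translation is applied only when traffic matches this pair.
access-list NAT_SRV1 permit ip host 10.1.1.11 192.168.50.0 255.255.255.0
access-list NAT_SRV2 permit ip host 10.1.1.12 192.168.50.0 255.255.255.0

! Policy static NAT (PIX 6.3+): one static per ACL.
static (inside,outside) 6.0.0.11 access-list NAT_SRV1
static (inside,outside) 6.0.0.12 access-list NAT_SRV2

! Existing dynamic NAT (assumed) is untouched, so the same servers still
! reach the Internet with the usual translation for every other destination.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! NAT is applied before the crypto map is evaluated, so the interesting-traffic
! ACL for the new tunnel references the mapped 6.x addresses, not 10.x.
access-list VPN_3RDPARTY permit ip host 6.0.0.11 192.168.50.0 255.255.255.0
access-list VPN_3RDPARTY permit ip host 6.0.0.12 192.168.50.0 255.255.255.0
crypto map outside_map 60 match address VPN_3RDPARTY
```

Keeping the NAT ACLs as narrow host-to-partner entries limits the 6.x mapping to the tunnel and avoids exposing the servers under those addresses to any other peer.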