Ok. What I want to do seems quite simple, but whatever I just can't\nquite get the pieces to mesh. I have a pix 501 that I'm trying to\nconfigure to provide VPN access to our local network for clients\nrunning the Cisco VPN client 4.x.\n\nOur network is seperated into VLANS, but uses public IP's for most\nmachines. I'll use fake numbers for my examples though. The Outside\ninterface has a public IP of 22.214.171.124. This is connected to our\nDMZ VLAN. The "Inside" interface has a public IP of 126.96.36.199,\nwhich is connected to a separate VLAN.\n\nWhat I want to do is have the VPN clients connect to the outside\ninterface, get a private IP (from 192.168.2.0/24) and then be NAT'd\n(PAT) to the inside interface IP of 188.8.131.52. That way, the\nrouting meshes with everything because all the VPN client traffic\nwould appear to come from the interface IP of the pix. In all the\nvarious permutations of configurations I've done, it ends up with the\nclient computer connecting, getting a 192.168 address, and then it\nmerely passes through the IP un-NAT'd (i.e., the servers on the local\nnetwork see connections coming in from 192.168.2.x). I can make this\nwork by adding static routes to direct traffic destined for\n192.168.2.x to the PIX, but I'd rather have it just NAT everything to\nmake things cleaner.