I have a PIX 506e IOS 6.3(5) and I want to make a VPN pool address available to inbound traffic. The scenario is that I have a wireless device which is behind a firewall from my provider. I have a VPN set up to allow the device to connect and it is assigned an address from a VPN pool. I would like to NAT that VPN pool address to the outside interface so that I can access the device from the Internet when it is connected to the VPN. Because the VPN pool is on the outside interface, the NAT is not allowed. What I want is for 'Some PC' in the diagram below to have access to 'Device'. Network: Inside--PIX--Internet--Firewall--Device | Some PC Connections: /IPSec Tunnel--Device Inside--PIX Some PC I've tried to double-NAT from the outside to a virtual interface on the inside and back to the VPN pool address, but it just results in kernel warnings in the syslog. I really don't want to use a prox on an inside machine. I would prefer to solve the entire problem on the PIX. Does anyone have any ideas? Thanks for your help and suggestions. Cheers, Tom