I have a PIX at "HQ", which authenticates users on an inside ACS server (Cisco 2.6) using VPN Groups. The inside LAN is 192.168.1.0/24, remote users get an address from the 192.168.6.0/24 pool. Remote users have full access to inside LAN, works great. Now...our remote office is also behind a PIX. They are on the 192.168.2.0/24 subnet. users on the .1 and the .2 subnet can see eachother fine, there is a a IPSEC tunnel btwwn the 2 PIX's. DIAL in users on the .6 subnet, while they can access the .1 'net, can't access the .2 'net, no matter what I do with access lists, authentication, or phases of the moon. Pix version is 6.1.0. Users are using 3.1.1 Cisco VPN client on W2K. Any ideas? Help?