u mean the problem with makeing ACL for nat exmption right ?
if this the case
subnet the network into more sosific subnet VLSM
for example lets say the internal network is 192.168.1.0/24
and the vpn users use 192.168.1-14
then u may consider the 192.168.1.0 255.255.25.240 is the vpn subnet and match for nat examption and the rst for the local network
just the idea
good luck
if helpful Rate