i think you would need another acl (VPN to store) and NAT 0 for storeaccess-list store_nat0_outbound ip any 192.168.100.0 255.255.255.240nat (store) 0 access-list store_nat0_outboundIf i am not wrong those statements should help getting the VPN clien...
If you have an CISCO ACS you might be able to achieve this easily.There is an open tacacs server too.http://www.networkingforums.nethttp://www.jffnms.orgThanks,Naveen