I have a site-to-site VPN tunnel between Office A and Office B via two Cisco Pix firewalls that performs beautifully. The problem is with Office C that connects with Office B via private T1. Office B can ping both A and C without fail, but Office A is not able to ping Office C. The two cisco routers terminating the T1 have the appropriate static routes and I have added the "route inside [Office-C's subnet] 255.255.255.0 [T1 router's ethernet IP]" to the PIX at Office B. Still cannot ping across from A to C. I don't have any routes added to the PIX at Office A (mainly because I don't know what that would look like thru the VPN) and the access list at Office A does not reflect an entry that looks like an entry created by the site-to-site VPN wizard ("access-list outside_cryptomap_20 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0"). When I tried to add "access-list o_c_20 permit ip office A netmask office C netmask" the VPN tunnel died between A and B (however, we were experiencing intermittent problems with Internet access at office B at this time and these problems have since been resolved, so the VPN could have died for another reason). What am I missing??