I was posed this question and I'd like to know what you think.

A customer network has one internet connection with one Cisco pix 501. They have two VPN tunnels configured: one is for remote clients and one is a site to site. The client are dished out a range of IPs that reside on the network proper (carved out of the DHCP range), say 192.168.10.100-150. The site to site gives access to the 10.1.1.0 network.

the question is: Can the remote VPN users access the 10.1.1.0 network directly or would they have to hop from one of the internal machines? In other words can I tunnel in and then out the same interface? I'm thinking not so much.

Let me know if the description is too vague or if you need other information.