We have seven different buildings connected via a BM38 VPN with each building on it's own private subnet (192.168.x.10 etc.). What I'm having trouble with is a PC behind the firewall in any of the buildings is not able to access anything on a public secondary IP on a server in another building although they can via the primary IP (if it is set to that IP). For instance, our DNS and web server are set up so that, from the outside, a person can access an individual building's web site via DNS using secondary IP's instead of having to go to the main web page and click on a link to that building, i.e., building1.acme.com, building2.acme.com and so on. PC's on the private LAN in each building cannot access the secondary IP's on the web server and thus must go through the main web page, etc. Is this normal? Or am I dreaming that it should be possible?

Thank you for your suggestions and comments!