The problem is: Within the LAN have remote access virtual machines, including the VM's (xx1.11 and xx1.26).
Working through vpn in remote location, have access to the entire LAN, have remote access to all machines in the domain, not only have access to the virtual machine (xx1.11 and xx1.26).
You can see the network scheme on this link: