First I must admit that I'm newb with Cisco firewalls.
I have situation where I have customers servers with public IP address behind ASA 5510. Addresses are not natted. Some Customers wan't to access their server via VPN connection. Do I have to give them a virtual IP that is also public and from the same pool that the ASA inside interface is when they make VPN connection to ASA? ASA inside interface is servers GW. Can I control that that one customer can only access certain server because all servers are on the same VLAN and different customer servers are separated only with protected ports.