I appreciate your help in getting me to understand what is happening with this config. It's doing my head in and Im making a mess if it.
I am not wanting to do NAT. A mGRE tunnel is going to be running through throug the ACCNT and Inside interfaces, of which ACL's have not been figured into the config. The tunnel endpoints are 172.16.4.6 and 172.16.4.138 across a WAN. No provisioned any ACL's yet.
What I am hoping to achieve is to be able to have a management station on 20.112 ping through the PIX to poll router / switch interfaces, and also have a mGRE tunnel through the ACCNT and Inside interfaces to routers a few hops away. The only other consideration is that routers on the Outside and ACCNT interfaces will need to have access to TACACS and be able to ping / telnet other router loopback addresses.
I would be very grateful for your assistance.