I need to allow users from our VPN subnet access to a webserver on our DMZ.
Both the inbound ACLs are correct, but I am unsure of what the translation would be.
Our VPN subnet is 172.16.140.0/24 and our DMZ is 172.16.110.0/24.
Any help would be appreciated. BTW, this is an ASA5510.
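! Match traffic from the DMZ subnet to the VPN subnet
access-list No-NAT-DMZ extended permit ip 172.16.110.0 255.255.255.0 172.16.140.0 255.255.255.0
! NAT exemption (nat-id 0) on the DMZ interface; the ACL name is case-sensitive
nat (DMZ) 0 access-list No-NAT-DMZ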
You had the ACL above in your No-Nat ACL, but that is the NAT exempt for the inside interface. That ACL would never match. So you simply have to create a NAT exemption for the DMZ with the appropriate ACL.
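The mismatch described in the answer can be checked mechanically. The following is an added example, not part of the original posts: a Python check over pre-8.3 ASA syntax that flags a `nat (ifc) 0` statement whose ACL is undefined or whose ACE source is not behind that interface. The inside subnet 172.16.100.0/24, the sample configs and the function name are constructed assumptions, and only subnet/mask ACEs are parsed.

```python
import ipaddress
import re

# Constructed sample: DMZ-sourced ACE bound to the inside exemption,
# plus a DMZ exemption that references a differently-cased ACL name.
BROKEN = """\
access-list No-Nat extended permit ip 172.16.110.0 255.255.255.0 172.16.140.0 255.255.255.0
nat (inside) 0 access-list No-Nat
access-list No-NAT-DMZ extended permit ip 172.16.110.0 255.255.255.0 172.16.140.0 255.255.255.0
nat (DMZ) 0 access-list No-Nat-DMZ
"""
# Constructed sample: exemption bound to the interface that owns the source.
FIXED = """\
access-list No-NAT-DMZ extended permit ip 172.16.110.0 255.255.255.0 172.16.140.0 255.255.255.0
nat (DMZ) 0 access-list No-NAT-DMZ
"""
# DMZ subnet is from the thread; the inside subnet is an assumption.
IF_NETS = {"inside": "172.16.100.0/24", "DMZ": "172.16.110.0/24"}

ACE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")

def check_nat_exempt(config, if_nets):
    """Return (interface, acl_name, problem) tuples for suspect exemptions."""
    acls, nats = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := ACE.match(line):
            name, src, smask, _dst, _dmask = m.groups()
            acls.setdefault(name, []).append(ipaddress.ip_network(f"{src}/{smask}"))
        elif m := NAT0.match(line):
            nats.append(m.groups())
    findings = []
    for ifc, name in nats:
        if name not in acls:  # exact match: ACL names are case-sensitive
            findings.append((ifc, name, "undefined ACL"))
            continue
        local = ipaddress.ip_network(if_nets[ifc])
        for src in acls[name]:
            # An ACE whose source is not behind this interface never matches here.
            if not src.subnet_of(local):
                findings.append((ifc, name, f"source {src} not behind {ifc}"))
    return findings

if __name__ == "__main__":
    for finding in check_nat_exempt(BROKEN, IF_NETS):
        print(finding)
```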