I'm quit new to these boards so I'll try to explain my problem as best as I can.
If something is missing or incorrect pls inform me so I can update.
I want to do a local NAT before a VPN IPSEC because my internal range is allready know at the customers site. I've set up the static NAT rules and access policy.
Here you have the config as it is on the ASA right now.
Local server IP: 10.0.74.5
Required NAT address: 192.168.222.1
Customer range: 10.10.10.0/24
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set peer 184.108.40.206
crypto map outside_map 2 set transform-set ESP-AES-256-SHA
tunnel-group 220.127.116.11 type ipsec-l2l
tunnel-group 18.104.22.168 ipsec-attributes
access-list outside_2_cryptomap extended permit ip host 192.168.222.1 10.10.10.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip host 10.0.74.5 10.10.10.0 255.255.255.0
static (inside,outside) 192.168.222.1 10.0.74.5 netmask 255.255.255.255 -> 1-on-1 NAT
I'm allowing this first before I start narrowing it down to only ftp!
access-list outside_access_in extended permit tcp any host 192.168.222.1
access-list outside_access_in extended permit ip any host 192.168.222.1
access-list outboundnat2 permit ip host 10.0.74.5 10.10.10.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 access-list outboundnat2
nat (inside) 1 0.0.0.0 0.0.0.0
Any help would be grately appreciated!