
VPN to ASA with a Private IP

Fraser Reid

Hello All,

I have an ISP that has given me a bunch of public IPs, but my gateway is a private address (point-to-point to the ISP router).

I have attached this line to an ASA 5510.

What I want to do is:

1) have the ASA with a Private IP on the Outside interface Using 1 Public IP as a VPN Server.

2) 1 Public IP as a Web Server and

3) the 3rd Public IP for surfing from the Inside Interface.

I have tried so far to get my first aim to work without success. I can't even get the ASA 5510 to reply to pings to any of the Public IP Addresses from the Outside that I have configured.

Is this at all possible?

I have already configured something similar with an ASA 5510 that has a Public IP on the Outside interface - this made the job easy.

Please help.

Thanks

8 Replies

This helps loads with the Ping, but can you also help with the Public - Private IP VPN bit too?

Once you've got the public IP assigned to the outside interface, setting up the additional access should be pretty easy. All you need is a static statement and an ACL for inbound access to your webserver, and you can use the outside interface of the firewall for outbound PAT.

This document should help:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml

Thanks Eddie - I will try this and let you know again in the morning - I am working in Germany. Getting late here :-)

Sorry Eddie - this didn't solve my main problem - everything else is gone now though..... Here is a little drawing with a few example IPs in it - maybe this makes more sense of what I am trying to do.

So, you've got 12.12.12.1 assigned to the outside interface of your ASA?

Now all you need to do is configure a static and ACL to permit inbound access to your webserver:

static (inside,outside) 12.12.12.2 192.168.1.x netmask 255.255.255.255

access-list outside_in permit tcp any host 12.12.12.2 eq 80

access-group outside_in in interface outside

To allow outbound access from your internal clients (will use the outside IP address of the ASA for PAT) you need the following:

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

I won't go into configuring a remote access VPN here, but this document should guide you:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml#cli

Eddie,

Configured on the outside interface I have 10.250.250.5

So how do I assign the 12.12.12.1 to the same interface so that I can have the ASA accept IPSec connections to this IP?

This is what I do not understand.

I think your only options here would be to set up a static NAT translation on your ISP router (12.12.12.1 -> 10.250.250.5)

(Not sure if this will work with VPNs though)

OR

Reconfigure the ASA to have 12.12.12.1 assigned to the outside interface.