customer has vpn concentrator hanging off ASA dmz interface. Customer wants vpn tunnels moved to ASA. Hitch, the ASA has a static toward the dmz converting a 10 address to a 172 address before hitting concentrator so end point of tunnel refers to 172 address not 10 address. If I do the following should it work?
nat (inside) 99 access-list convert
global (outside) 99 172.x.x.x
access-list convert permit ip host 10.x.x.x host 220.127.116.11 (other end of the tunnel)