I have a client with an 5510 ASA with three interfaces configured: outside, dmz and inside. Outside and dmz are real ip addresses. The client wants a remote vpn to the network. The IP the vpn clients must connect to is the IP of the dmz interface of the ASA and they must have access to the inside network. I can't seem to make this work. What do I need to configure for this? I tried a vpn on the dmz interface and access-lists allowing access to the interface from the outside but it doesn't work. I also tried a dynamic nat policy stating that anything coming on the outside interface for the dmz interface ip is to be translated to the outside interface ip and I configured the vpn on the outside interface but this doesn't work either. Any ideas?