I am redesigning my ACL's. I have a dumb question for the "outside_access_in" ACL. This ACL controls traffic from the outside in. Servers which are in my DMZ are on a private range and the ASA is doing a static NAT for them. As I create the ACL should I only referance the public IP addresses since the ASA will translate them?