Config at ASA (ASA.txt file attached)
To map the global policy, use the command below:
(config)# service-policy global_policy global
Similarly, the security level is the same for both inside and internal, so use the command below to pass traffic between the two interfaces:
(config)# same-security-traffic permit inter-interface
When the user says they have 1 public IP address, is this IP address assigned to the router interface, or is it a separate, unassigned IP address?
If it is an unassigned public IP address, the user can do static NAT from the ASA outside IP address to the public IP address on the router, like below:
ip nat inside source static 192.168.100.2 100.100.x.x
This way the user has to complete IP-to-IP NAT.
If the user has only a single IP address, which is assigned to the router interface, then the user needs to use port NAT, as described:
For VPN Gateways that run Cisco IOS Software Releases earlier than 12.2(13)T, the IPSec pass-through feature is needed on the router that performs PAT to allow Encapsulating Security Payload (ESP) through.
Note: This feature is known as IPSec through Network Address Translation (NAT) support in Software Advisory (registered customers only).
In order to initiate the tunnel from the local (PATed) peer, no configuration is needed. In order to initiate the tunnel from the remote peer, these commands are needed:
ip nat inside source static esp inside_ip interface interface
ip nat inside source static udp inside_ip 500 interface interface 500
The networks are:
172.25.0.0 (inside of ASA), A.A.A.A (outside of ASA) is needed to connect to the IOS router's B.B.B.B address, with 192.168.1.0 as the inside network.
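A check for the port-NAT case above, added here as an example and not part of the original post: it scans router configuration text and reports any inside address that has only one of the two static mappings (ESP and UDP 500) the remote-initiated tunnel needs, or has them on different interfaces. The interface names and sample configurations are constructed; 192.168.100.2 is the ASA outside address used earlier in the post.

```python
import re

# The two static PAT forms quoted in the post:
#   ip nat inside source static esp <inside_ip> interface <if>
#   ip nat inside source static udp <inside_ip> 500 interface <if> 500
ESP_RE = re.compile(r"^ip nat inside source static esp (\S+) interface (\S+)$")
UDP_RE = re.compile(
    r"^ip nat inside source static udp (\S+) (\d+) interface (\S+) (\d+)$")


def check_ipsec_passthrough(config_text):
    """Return {inside_ip: [problems]} for hosts whose mapping set is incomplete."""
    esp, ike = {}, {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        m = ESP_RE.match(line)
        if m:
            esp[m.group(1)] = m.group(2)
            continue
        m = UDP_RE.match(line)
        # Only the IKE mapping (UDP 500 to UDP 500) is relevant here.
        if m and m.group(2) == "500" and m.group(4) == "500":
            ike[m.group(1)] = m.group(3)
    findings = {}
    for ip in sorted(set(esp) | set(ike)):
        problems = []
        if ip not in esp:
            problems.append("esp")
        if ip not in ike:
            problems.append("udp/500")
        if ip in esp and ip in ike and esp[ip] != ike[ip]:
            problems.append("interface mismatch")
        if problems:
            findings[ip] = problems
    return findings


# Constructed sample configurations (interface name is an assumption).
GOOD = """
ip nat inside source static esp 192.168.100.2 interface GigabitEthernet0/0
ip nat inside source static udp 192.168.100.2 500 interface GigabitEthernet0/0 500
"""
BAD = """
ip nat inside source static udp 192.168.100.2 500 interface GigabitEthernet0/0 500
"""

if __name__ == "__main__":
    print("complete config:", check_ipsec_passthrough(GOOD))
    print("incomplete config:", check_ipsec_passthrough(BAD))
```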