I have a PIX 515 and an ASA 5505 (8.4 code). The PIX is currently working with a tunnel to a 3rd party vendor. I need to replicate the function on the ASA (new ISP link).
The unusual bit in the PIX VPN config is the inside LAN is NAT'd to one of the PUBLIC IP's before it goes into the tunnel - i.e., traffic from my LAN comes out on the remote side as a single PUBLIC IP from my public IP space.
I'm not sure how to do the same in the ASA 8.4 code.
From the working PIX:
My internal network space is NAT'd to 66.x.y.119 by the "nat/global 2"
crypto map vpn_map 10 ipsec-isakmp
crypto map vpn_map 10 match address acl_east
crypto map vpn_map 10 set peer 63.y.y.214
crypto map vpn_map 10 set transform-set xform_set
access-list vendor_nat permit ip 192.168.0.0 255.255.252.0 199.x.x.0 255.255.255.0
access-list acl_east permit ip host 66.x.y.119 199.x.x.0 255.255.255.0
nat (inside) 2 access-list vendor_nat 0 0
global (outside) 2 66.x.y.119