I have already configured IPSec VPN between router and ASA.

That is possible to reach hosts from remote location 192.168.201.0/24 via VPN to dmz-vlan13?

So I need traffic from 192.168.201.0/24 via VPN to be pated to the DMZ-13.

In log I found :

No translation group found for icmp src outside:192.168.201.2 dst dmz-vlan13:192.168.7.101 (type 8, code 0)

How is in such situation configure NAT/PAT?

Config partly:

interface GigabitEthernet0/0

nameif outside

security-level 0

ip address 1.1.1.2 255.255.255.252

interface GigabitEthernet0/2.13

vlan 13

nameif dmz-vlan13-proc

security-level 40

ip address 192.168.224.74 255.255.255.252

access-list outside_access_in extended permit icmp any host gw-outside

access-list inside_nat0_outbound_1 extended permit ip iib-inside-network 255.0.0.0 ATM-Network-201 255.255.255.0

access-list dmz-vlan13-nat extended permit ip host 10.0.11.73 host 192.168.225.101

access-list dmz-vlan13-nat extended permit ip host 10.0.11.73 host 192.168.225.97

access-list dmz-vlan13-nat extended permit ip host 10.0.2.27 host 192.168.225.101

access-list dmz-vlan13-nat extended permit ip host 10.0.2.27 host 192.168.225.97

access-list dmz-vlan13-nat extended permit ip ATM-Network-201 255.255.255.0 host 192.168.7.101

access-list dmz-vlan13_access_in remark # Allow all ip from dmz-vlan13-proc - from any

access-list dmz-vlan13_access_in extended permit ip any any

access-list outside_1_cryptomap_1 extended permit ip iib-inside-network 255.0.0.0 ATM-Network-201 255.255.255.0

access-list outside_1_cryptomap_1 extended permit ip ATM-Network-201 255.255.255.0 iib-inside-network 255.0.0.0

access-list outside_1_cryptomap_1 extended permit ip ATM-Network-201 255.255.255.0 192.168.7.0 255.255.255.0

access-list outside_1_cryptomap_1 extended permit ip 192.168.7.0 255.255.255.0 ATM-Network-201 255.255.255.0

access-list outside_1_cryptomap_1 extended permit ip 192.168.224.0 255.255.255.0 ATM-Network-201 255.255.255.0

access-list outside_1_cryptomap_1 extended permit ip ATM-Network-201 255.255.255.0 192.168.224.0 255.255.255.0

global (outside) 1 interface

global (dmz-vlan13-proc) 2 interface

nat (inside) 0 access-list inside_nat0_outbound_1

nat (inside) 2 access-list dmz-vlan13-nat

nat (inside) 1 iib-inside-network 255.255.0.0

static (dmz-vlan13-proc,inside) 192.168.225.97 10.0.11.97 netmask 255.255.255.255

static (dmz-vlan13-proc,inside) 192.168.225.101 192.168.7.101 netmask 255.255.255.255

access-group outside_access_in in interface outside

access-group dmz-vlan13_access_in in interface dmz-vlan13-proc

route dmz-vlan13-proc 10.0.2.1 255.255.255.255 192.168.224.73 1

route dmz-vlan13-proc 10.0.11.97 255.255.255.255 192.168.224.73 1

route dmz-vlan13-proc 192.168.6.0 255.255.255.0 192.168.224.73 1

route dmz-vlan13-proc 192.168.7.0 255.255.255.0 192.168.224.73 1

route dmz-vlan13-proc 192.168.224.0 255.255.255.0 192.168.224.73 1

route dmz-vlan13-proc 192.168.225.0 255.255.255.0 192.168.224.73 1

crypto ipsec transform-set ........

crypto map outside_map 1 set security-association lifetime seconds 28800

crypto map outside_map 1 set security-association lifetime kilobytes 4608000

crypto map outside_map0 1 match address outside_1_cryptomap_1

crypto map outside_map0 1 set peer 1.1.1.1

[..]

crypto isakmp enable outside

crypto isakmp policy 1

[..]

Thanks a lot!