Is it possible to create a policy based VPN between a CSR and an ASA on AWS? I'm a little thrown off because on AWS, the public IP is NATed to the CSR, so I'm not sure how the shared key lookup is supposed to work. I don't think I can use VTI, becaus...