So you need a static translation between DMZ and outside. You need an outside ACL on the ASA for udp/500, udp/4500 and IP protocol 50. You need an ACL on the DMZ for the IP protocol 50. I would take a packet capture on the ASA outside interface filterin...
You can control traffic entering the ASA from a distant VPN site by filtering via the outside ACL or via an ACL applied in group policy for the VPN connection. The sysopt mentioned in this post will control which method works best.