Hello to everyone :)
How are you :) I got a task: I must configure an IPSec site-to-site tunnel between an ASA (7.x.x) and a Cisco 2911 router (IOS 15.x). I must configure the 2911 router with NAT (overload).
We planned to NAT our traffic to 10.253.191.229 and send it through IPSec. I think we must use two access lists, one for NAT and a second for the crypto map.
ACL for NAT
ip access-list standard NAT
 permit 192.168.1.1 0.0.0.0
ip nat inside source list NAT pool IPSEC overload
In the IPSEC pool we have only one IP address, in this case 10.253.191.153.
I will put nat outside on interface g0/1 and nat inside on some subinterface.
I have never done something like this, NAT to IPSec with a subinterface; I have only worked with a NO NAT rule. Any help :) ???
ACL for IPSec crypto map
Extended IP access list ACL_VIP
    10 permit tcp host 10.253.191.153 host 10.253.170.24 eq 1900
    20 permit tcp host 10.253.191.135 host 10.253.170.23 eq 1900
crypto isakmp policy 70
 encr aes 256
 hash sha
 authentication pre-share
 group 2
crypto isakmp key XXxxXXXxx address IP_ADD
crypto ipsec transform-set TSet esp-aes 256 esp-sha-hmac
crypto map VPN 70 ipsec-isakmp
 set peer IP_ADD
 set transform-set TSet
 set security-association lifetime seconds 3600
 match address ACL
CCNA R&S, CCNA Security
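
An added example, not part of the original post: a sketch of how the NAT and crypto map pieces fit together on the 2911, relying on the IOS order of operations in which inside-to-outside NAT runs before the crypto map check, so the crypto ACL has to match the translated address. The subinterface number, VLAN, inside address, pool netmask and the ACL name NAT_VPN are assumptions; IP_ADD and TSet are the post's own placeholders and names.

```cisco
! Added example; values marked "assumed" are not from the post.
! NAT ACL: extended, so only traffic bound for the remote host is translated
! (NAT_VPN is an assumed name; the post uses a standard ACL called NAT).
ip access-list extended NAT_VPN
 permit tcp host 192.168.1.1 host 10.253.170.24 eq 1900
!
! One-address pool from the post; the /24 netmask is assumed.
ip nat pool IPSEC 10.253.191.153 10.253.191.153 netmask 255.255.255.0
ip nat inside source list NAT_VPN pool IPSEC overload
!
! Inside: subinterface number, VLAN and address are assumed.
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
! Crypto ACL sees the packet after NAT, so the source is the pool address,
! not 192.168.1.1.
ip access-list extended ACL_VIP
 permit tcp host 10.253.191.153 host 10.253.170.24 eq 1900
!
! The crypto map must reference the crypto ACL by its exact name.
crypto map VPN 70 ipsec-isakmp
 set peer IP_ADD
 set transform-set TSet
 match address ACL_VIP
!
! Outside: NAT and the crypto map sit on the same interface.
interface GigabitEthernet0/1
 ip nat outside
 crypto map VPN
!
! Checks once traffic flows:
!   show ip nat translations   (192.168.1.1 should map to 10.253.191.153)
!   show crypto ipsec sa       (encaps counter should rise for the ACL_VIP entry)
```

The ASA's crypto ACL has to mirror ACL_VIP with 10.253.191.153 as the remote address, since the translated address is the only source it will see.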