Hi there,
Indeed a VPN tunnel must be established between public IPs (if going through the Internet).
If the ASA at one side has a private IP, but the ISP provides a one-to-one static NAT, then you can terminate the tunnel at the public IP (NATed IP).
The requirement is that the ISP must redirect all traffic to your private IP (as it will do if having a static NAT).
Hope it helps.
Federico.