No Virtual IP is needed

That does not work eiher, since the whole point of Network Extension Mode (NEM) is to allow full visibility of two networks without Virtual IP so that I can see main mainASA-side and remote-Digi-side in IPSec SA.

With Virtual IP I can connect from the remote-Digi-side, but cannot connect from main-ASA-side to remote, since it’s masqueared via this Virtual IP.