My reading seems to suggest that DNS Doctoring will be incompatible across a site-to-site VPN with an overlapping network range.
I wish to set up an AD trust / DNS forwarding between two sites. I have a Domain Controller / DNS server on Site A: 10.0.1.0/24 and a remote site, Site B: 10.0.5.0/24 (reachable via a site-to-site VPN) that needs to access it. The problem is that Site B is connected to a WAN on which another office is connected that also uses 10.0.1.0/24. Clearly NAT is required to translate the overlapping address space between Site A and Site B.
When building the crypto ACL using twice NAT, I don't believe that I can use DNS doctoring to translate the A record for 10.0.1.1 to 192.168.1.1, as Object NAT (with the DNS keyword) won't be matched, i.e. twice NAT will take priority. See the end of the following URL.
I'm assuming that my best course of action is to use a second firewall behind my ASA (VPN firewall) to do the translation of the A record for the remote site, and then the ASA (VPN firewall) for the VPN itself.
Can anyone offer any guidance, please?
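As an added illustration of the rule ordering the question describes (this is not the poster's configuration and not part of the original post): an ASA 8.3+ style configuration in which a twice NAT rule for the overlapping site matches traffic from 10.0.1.1 before the object NAT rule that carries the dns keyword is reached. The object names and the mapped range 192.168.1.0/24 are assumptions; only 10.0.1.1 -> 192.168.1.1 and 10.0.5.0/24 come from the question.

```cisco
! Object NAT (evaluated in section 2) with DNS rewrite for the domain controller
object network SITEA-DC
 host 10.0.1.1
 nat (inside,outside) static 192.168.1.1 dns

! Twice NAT (evaluated in section 1): translate all of Site A only when it talks to Site B
object network SITEA-REAL
 subnet 10.0.1.0 255.255.255.0
object network SITEA-MAPPED
 subnet 192.168.1.0 255.255.255.0
object network SITEB
 subnet 10.0.5.0 255.255.255.0
nat (inside,outside) source static SITEA-REAL SITEA-MAPPED destination static SITEB SITEB

! The crypto ACL must match the mapped (post-NAT) addresses, not the overlapping real ones
access-list VPN-SITEB extended permit ip 192.168.1.0 255.255.255.0 10.0.5.0 255.255.255.0
```

Because section 1 is evaluated before section 2, a DNS reply from 10.0.1.1 towards 10.0.5.0/24 hits the twice NAT rule and the object rule's dns keyword is never consulted, so the A record still carries 10.0.1.1; `show nat` lists the sections in evaluation order and `packet-tracer` shows which rule a given flow hits.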