I have an ASA5510, and site-to-site VPN with several remote clients. I have to add another client but their network range overlaps an existing tunnel. Both are using 172.16.0.0/16. I would like to 1-to-1 NAT them as 172.17.0.0/16.
Is it possible to perform the NAT on my device, post-decryption, or is it necessary that I have them perform the NAT at their end?
Thanks,
Rick
That sounds like a No -- as it seems to lead to having 172.16/16 in SAs on two tunnels, which I'm much more confident in saying won't work.
Policy-based NAT seems to revolve around IP addressing, and is not able to attach a NAT policy to a tunnel group.