VPN - Static NAT on VPN

Hi,

I am configuring a site-to-site (S2S) VPN; due to a limitation we have to use static NAT on one site. Please see the configuration below. I think I am missing something.

interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
object-group network MAINSITE
network-object 10.0.0.0 255.0.0.0
object-group network LOCAL
network-object 192.168.1.0 255.255.255.0
!
access-list MAINSITE-I extended permit ip host 192.168.96.5 object-group MAINSITE
access-list MAINSITE-PolicyNAT extended permit ip object-group LOCAL object-group MAINSITE
access-list nonat extended permit ip host 192.168.96.5 10.0.0.0 255.0.0.0
!
nat (inside) 0 access-list nonat
nat (inside) 2 192.168.1.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0

Thanks.

Muhammad

4 Replies

cflory (Level 1)

I don't see your static NAT configuration, only your PAT configuration (minus the global statements - where are those?).

And describe more of what you're trying to do, please.

Hi,

I am building a site-to-site VPN. One site will be using a single IP, 192.168.96.5, for all VPN traffic; for example, SiteA (1.1.1.1) will be sending VPN traffic as 192.168.96.5/32.

I have to add this statement:

static (inside,outside) 192.168.96.5 access-list MAINSITE-PolicyNAT

but it is not accepted; it gives the error "global address overlaps with mask".

Thanks.

What firewall are you using for this VPN (model/version)?

If you're trying to NAT 1.1.1.0/24 network to 192.168.96.5, you'll need to remove your statements:

access-list nonat extended permit ip host 192.168.96.5 10.0.0.0 255.0.0.0
nat (inside) 0 access-list nonat

"nat (inside) 0" negates your translations for the 'nonat' ACL.

If you're wanting to 'PAT' hosts from SiteA on the 1.1.1.0/24 network to 10.0.0.0/8 network (MAINSITE), with 192.168.96.5/32 as your source, then you'll need a statement like:

object-group network MAINSITE
network-object 10.0.0.0 255.0.0.0
object-group network SITE_A
network-object 1.1.1.0 255.255.255.0
!
access-list SITE_A_NAT extended permit ip object-group SITE_A object-group MAINSITE
!
nat (inside) 2 access-list SITE_A_NAT
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 2 192.168.96.5 netmask 255.255.255.255

or

global (outside) 2 interface
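Added illustration, not part of the thread or of any Cisco code: a small Python model of the 8.2-style outbound NAT lookup cflory is describing (exemption first, then policy NAT by nat id, then regular NAT by best match, each nat id needing a matching global), run over the original post's configuration and over the shape of the fix. It assumes the poster's real inside subnet 192.168.1.0/24 in place of cflory's 1.1.1.0/24 and that nat-control is disabled, so an unmatched packet leaves untranslated.

```python
import ipaddress
from dataclasses import dataclass, field

net = ipaddress.ip_network


@dataclass
class AsaNat:
    """Simplified ASA 8.2 outbound NAT table (constructed model, not ASA code)."""
    exempt: list = field(default_factory=list)    # nat 0 access-list: (src_net, dst_net)
    policy: list = field(default_factory=list)    # nat <id> access-list: (id, src_net, dst_net)
    regular: list = field(default_factory=list)   # nat <id> <net> <mask>: (id, src_net)
    pools: dict = field(default_factory=dict)     # global (outside) <id> -> mapped address

    def translate(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # 1) NAT exemption wins over everything and leaves the source untouched
        for sn, dn in self.exempt:
            if s in sn and d in dn:
                return ("exempt", src)
        # 2) policy NAT: source and destination both must match the ACL
        for nat_id, sn, dn in self.policy:
            if s in sn and d in dn:
                return self._pool(nat_id)
        # 3) regular dynamic NAT: the most specific matching nat statement wins
        for nat_id, sn in sorted(self.regular, key=lambda r: -r[1].prefixlen):
            if s in sn:
                return self._pool(nat_id)
        return ("untranslated", src)  # nat-control disabled (assumed default)

    def _pool(self, nat_id):
        # a nat statement with no global for its id cannot translate: the packet is dropped
        if nat_id not in self.pools:
            return ("drop", nat_id)
        return ("pat", self.pools[nat_id])


MAINSITE, LOCAL, ANY = net("10.0.0.0/8"), net("192.168.1.0/24"), net("0.0.0.0/0")

# Original post: nat 2 / nat 1 exist but no global statements, and the nonat ACL
# exempts 192.168.96.5, which is never an inside source address.
original = AsaNat(exempt=[(net("192.168.96.5/32"), MAINSITE)],
                  regular=[(2, LOCAL), (1, ANY)], pools={})

# Shape of the fix: traffic to MAINSITE is PATed behind 192.168.96.5 via nat id 2,
# everything else uses the outside interface address via nat id 1.
fixed = AsaNat(policy=[(2, LOCAL, MAINSITE)], regular=[(1, ANY)],
               pools={2: "192.168.96.5", 1: "interface"})
```

Calling `original.translate("192.168.1.50", "10.1.1.1")` reports the drop caused by the missing `global (outside) 2`, while `fixed.translate(...)` on the same packet returns the 192.168.96.5 mapping the poster wants.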

Thanks cflory. One more question: I am using an ASA 5505.

If I am sitting on the main site, how can I access a device on the remote site, 192.168.1.50, which is PATed in the VPN tunnel as 192.168.96.5/32?