We are trying to establish a site-2-site VPN between 2 ASA 5520s the remote side is out of my control. ASA-A(my side) is only performing VPN functionality, ASA-B(remote) is performing Firewall and VPN functionality. The remote side's internal network must be NAT'd. There are several IP nets behind the remote. We want to NAT the remote internal nets to 1 IP address. It appears that when a device on the remote, internal network initiates traffic, ASA-A(my side) drops the traffic as it appears to be sourced from the internal IP address rather than the expected single NAT address. Based on the ACLs, the traffic is dropped. Can the traffic originiating on the ASA-B remote network be translated prior to entering the VPN tunnel? If so how is this performed?