Sure, on the main site ASA, you can set something up like this....
same-security-traffic permit intra-interface
global (outside) 1 interface
nat (outside) 1
nat (outside) 1
etc...
You will also need to confirm that all traffic from the remote sites is traversing the tunnel. Something like....
Remote ASA
access-list crypto1 extended permit ip any
access-list inside_nat0_outbound extended permit ip any
Main ASA
access-list crypto1 extended permit ip any