We have a business partner that we are setting up an L2L VPN with. Their internal host's IP overlaps with our internal IP range. Unfortunately they're not offering to NAT on their side. Is it possible on the ASA to set up a NAT so that my internal hosts go to, say, 220.127.116.11 and the ASA changes it to the remote end's internal address that is overlapping?
If this is the scenario
192.168.5.0 <---> ASA1 <-- Internet --> ASA2 <-- 192.168.5.0
ASA1 (NAT will be applied)
ASA2 (No nat will be applied)
You will want to do something like this on ASA1
Change your source host or network to be 192.168.7.0 when communicating to the remote network. Change the remote network to come in as 192.168.8.0 when coming into your network on the ASA.
!-- Match ACL
access-list acl_match_VPN permit ip 192.168.7.0 255.255.255.0 192.168.5.0 255.255.255.0
!--- NAT ACL
access-list vpn_nat permit ip 192.168.5.0 255.255.255.0 192.168.8.0 255.255.255.0
static (outside,inside) 192.168.7.0 192.168.5.0 netmask 255.255.255.0 0 0
static (inside,outside) 192.168.8.0 access-list vpn_nat
Now complete the VPN config using acl_match_VPN as the match ACL. Your internal host will need to use the 192.168.7.0 network when talking to the remote end.
Hope this helps.
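The address arithmetic behind this kind of twice-NAT design can be checked offline before touching the firewall. The following is an added example, not part of the reply above and not Cisco code; it assumes the mapping implied by the two static lines and the closing sentence (the partner LAN appears to inside hosts as 192.168.7.0/24, the local LAN appears in the tunnel as 192.168.8.0/24), and all function names and sample hosts are constructed for illustration.

```python
import ipaddress as ip

# Assumed mapping (see lead-in); real and mapped ranges are all /24.
LOCAL_REAL = ip.ip_network("192.168.5.0/24")     # our inside LAN
LOCAL_MAPPED = ip.ip_network("192.168.8.0/24")   # how we appear in the tunnel
REMOTE_REAL = ip.ip_network("192.168.5.0/24")    # partner LAN (overlaps ours)
REMOTE_MAPPED = ip.ip_network("192.168.7.0/24")  # how the partner appears to us

def remap(addr, src_net, dst_net):
    """Network static NAT: swap the prefix, keep the host bits."""
    addr = ip.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("static network NAT needs equal-size networks")
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return ip.ip_address(int(dst_net.network_address) + offset)

def outbound(src, dst):
    """Inside host packet -> addresses as they enter the tunnel."""
    return (remap(src, LOCAL_REAL, LOCAL_MAPPED),
            remap(dst, REMOTE_MAPPED, REMOTE_REAL))

def inbound(src, dst):
    """Decrypted partner packet -> addresses seen on our inside LAN."""
    return (remap(src, REMOTE_REAL, REMOTE_MAPPED),
            remap(dst, LOCAL_MAPPED, LOCAL_REAL))

def acl_permits(acl_src, acl_dst, packet):
    """True if a 'permit ip <acl_src> <acl_dst>' entry matches the packet."""
    src, dst = packet
    return src in ip.ip_network(acl_src) and dst in ip.ip_network(acl_dst)

def check_design():
    """Mapped ranges must not collide with each other or with a real LAN."""
    problems = []
    if LOCAL_MAPPED.overlaps(REMOTE_MAPPED):
        problems.append("mapped ranges overlap each other")
    for name, net in (("local", LOCAL_MAPPED), ("remote", REMOTE_MAPPED)):
        if net.overlaps(LOCAL_REAL) or net.overlaps(REMOTE_REAL):
            problems.append(f"{name} mapped range collides with a real LAN")
    return problems

if __name__ == "__main__":
    pkt = outbound("192.168.5.10", "192.168.7.20")  # constructed sample flow
    print("on the wire:", *pkt)
    print("reply seen inside:", *inbound("192.168.5.20", "192.168.8.10"))
    print("design problems:", check_design() or "none")
```

Because the ASA matches interesting traffic after translation, `acl_permits` should be fed the output of `outbound`, not the addresses the inside host typed.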