This may be a beginner question, but I only have production systems and really don't have a way to test it out properly. We have an ASA 5520 with multiple site-to-site tunnels. We have one tunnel already with one of the remote networks being 10.100.90.14. We have this IP address in a subnet configured as the remote network and as the destination address in the crypto map. We also have NAT exempt rules in place for our local network with the 10.100.90.14 address as the destination.
We have another tunnel that needs to be built that will have a different peer address, but it requires a large number of subnets, and at least one will have the same remote network/destination address in the crypto map as another VPN tunnel we already have in place.
Is this possible to do with a site-to-site tunnel without doing a static or dynamic NAT to another IP address?
I know that with the physical networks you can't do this because of the static routes that are in place, but with the IPsec tunnels I am just not sure how this will work, and as mentioned I am not able to test it.
Any guidance would be appreciated.
The crypto map ACL defines the interesting traffic. If you have the same destination IP address, i.e. 10.100.90.14, then if the source, i.e. the IP address of the client on your network, is the same for both tunnels, no, it won't work, and you will have to do some sort of NAT for one of the tunnels.
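To make the answer concrete, here is an added example configuration (not taken from the question or the answer above) showing why the overlap fails and one NAT arrangement that makes it work. It assumes ASA 8.4+ syntax, an inside LAN of 192.168.1.0/24, peer A at 203.0.113.10, the new peer B at 198.51.100.20, an alias 172.16.90.14 that inside hosts use to reach peer B's copy of 10.100.90.14, and a translated source 192.168.2.0/24 that peer B sees; all addresses and object names are invented for the example, and the transform set and tunnel-groups are assumed to exist already.

```cisco
! Assumed topology (constructed for this example, not from the original post):
!   inside LAN                       192.168.1.0/24
!   peer A (existing tunnel)         203.0.113.10, remote host 10.100.90.14
!   peer B (new tunnel)              198.51.100.20, remote host also 10.100.90.14
!   alias inside hosts use for peer B's 10.100.90.14:  172.16.90.14
!   inside LAN as presented to peer B (translated):    192.168.2.0/24
object network LOCAL_LAN
 subnet 192.168.1.0 255.255.255.0
object network LOCAL_LAN_TO_B
 subnet 192.168.2.0 255.255.255.0
object network REMOTE_HOST
 host 10.100.90.14
object network REMOTE_HOST_B_ALIAS
 host 172.16.90.14

! Tunnel A keeps its NAT exemption: traffic to 10.100.90.14 is left untranslated.
nat (inside,outside) source static LOCAL_LAN LOCAL_LAN destination static REMOTE_HOST REMOTE_HOST

! Tunnel B: inside hosts address the alias 172.16.90.14. This twice-NAT rule
! rewrites the destination to the real 10.100.90.14 AND the source to
! 192.168.2.0/24. Translating only the destination would not be enough: the
! crypto ACLs are checked against the packet after NAT, so a packet from
! 192.168.1.x to 10.100.90.14 would still match tunnel A's ACL first.
nat (inside,outside) source static LOCAL_LAN LOCAL_LAN_TO_B destination static REMOTE_HOST_B_ALIAS REMOTE_HOST

! Crypto ACLs are evaluated in ascending crypto map sequence order against the
! post-NAT packet; the first match wins. Because the sources now differ, each
! flow lands on exactly one entry. Without the source translation, every packet
! to 10.100.90.14 would hit sequence 10 and tunnel B would never be used.
access-list VPN_A extended permit ip 192.168.1.0 255.255.255.0 host 10.100.90.14
access-list VPN_B extended permit ip 192.168.2.0 255.255.255.0 host 10.100.90.14

crypto map OUTSIDE_MAP 10 match address VPN_A
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP 20 match address VPN_B
crypto map OUTSIDE_MAP 20 set peer 198.51.100.20
crypto map OUTSIDE_MAP 20 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
```

Peer B has to route 192.168.2.0/24 into its side of the tunnel and its crypto ACL has to mirror VPN_B (10.100.90.14 to 192.168.2.0/24), since that is the only source it will ever see from you. On a production box with no lab, the safe check before adding the second entry is packet-tracer, which shows which NAT rule and which crypto map sequence a flow hits without sending anything: `packet-tracer input inside tcp 192.168.1.10 12345 172.16.90.14 443` should report the twice-NAT rule and crypto map sequence 20, while the same command with destination 10.100.90.14 should still report the exemption and sequence 10.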