We currently have a set of servers that are up and running at a Colo facility. We are in the process of moving the operation to another Colo facility. We currently have a site-to-site VPN between the old and the new Colos. The firewalls in use at both sites are ASA 5510s.
What I am being asked to do is, as servers are moved to the new location, to take the current NATs and direct them to an address that would take it across the VPN to the new site.
I know that I can take inbound VPN traffic and hairpin it to another tunnel, but in this case we are taking non-tunneled traffic and trying to put it back out the same interface on the VPN. My one thought is to take an ASA 5505 that we have and move the NATs to it, mapping those to the new addresses and then setting a route from the 5505 to point back towards the 5510 for the new colo subnet.
It would be nice to do it within the one firewall, but that may not be possible, and I also haven't been able to play with my workaround, so I don't know the caveats with that plan yet either.