I need to set up a VPN tunnel to a remote site. Both our location and the remote location use the 10.x.y.z address scheme. The remote end offered up a 172.16.6.0/27 net for a destination network. How do I configure the ASA5510 on my side to create the tunnel as if it were coming from the 172.16.6.0/27 network? Our subnets are 10.10.20.0/24, 10.10.30.0/24, and 10.2.1.0/24. I already have a network object group containing these networks. I've created many VPNs in the past, but this is the first time I've had to contend with destination subnets that overlap ours. Thanx!
You have to NAT on both ends, the reason being...
Site A LAN 10.1.1.0/24
Site B LAN 10.1.1.0/24
If you establish the tunnel between both sites it will come up.
But, when Site A 10.1.1.x tries to talk to 10.1.1.y on the other side, it will think the traffic should stay locally and not send it through the tunnel.
If you only NAT on one side, for example on Site A, so that Site A is translated to 10.2.2.0/24,
then Site A will still originate a packet destined to 10.1.1.y to get to the other side of the tunnel, and the same thing will happen.
This is why you should NAT on both ends.
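A small simulation of the forwarding decision described above, added here as an illustration and not part of the original thread. It models two sites with the same LAN, an optional NAT mapping per site, and the host's first decision: if the destination falls inside its own LAN it stays local and never reaches the VPN. Site names, LANs and the 10.2.2.0/24 / 10.3.3.0/24 mapped networks are constructed values.

```python
import ipaddress


class Site:
    """A site with a real LAN and, optionally, the network it presents to the peer via NAT."""

    def __init__(self, name, lan, nat_to=None):
        self.name = name
        self.lan = ipaddress.ip_network(lan)
        # Without NAT the site presents its real LAN to the other end.
        self.presented = ipaddress.ip_network(nat_to) if nat_to else self.lan


def forwarding_decision(src_site, dst_site, dst_ip):
    """Where does a packet from src_site to dst_ip end up?"""
    dst = ipaddress.ip_address(dst_ip)
    if dst in src_site.lan:
        # Host believes the destination is on its own segment: ARP locally, never hits the tunnel.
        return "local"
    if dst in dst_site.presented:
        # Destination matches the peer's (possibly translated) network: interesting traffic.
        return "tunnel"
    return "dropped"


def scenario(nat_a=None, nat_b=None):
    """Both sites use 10.1.1.0/24; try each direction with the given NAT mappings."""
    a = Site("A", "10.1.1.0/24", nat_a)
    b = Site("B", "10.1.1.0/24", nat_b)
    # Each side addresses the peer by the address the peer presents (host .5 at A, host .9 at B).
    a_host_as_seen_by_b = a.presented[5]
    b_host_as_seen_by_a = b.presented[9]
    return {
        "A->B": forwarding_decision(a, b, b_host_as_seen_by_a),
        "B->A": forwarding_decision(b, a, a_host_as_seen_by_b),
    }


if __name__ == "__main__":
    print("no NAT:       ", scenario())
    print("NAT on A only:", scenario(nat_a="10.2.2.0/24"))
    print("NAT on both:  ", scenario(nat_a="10.2.2.0/24", nat_b="10.3.3.0/24"))
```

Only the two-sided NAT case yields "tunnel" in both directions; with NAT on A alone, B can reach A but A still treats B's addresses as its own LAN.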