I have a setup whereby there is a central ASA, and 2 remote sites.
This is hub and spoke, where there are only VPNs between the central site and remotes, not remote to remote.
The remotes communicate with each other also using "intra-interface".
Because of a subnet overlap between the 2 remotes, I need to NAT the traffic at the central site before the hairpin back out (between remotes).
Is it possible and how would I acheive that (NAT the incoming traffic from a remote VPN, before passing back out the other remote VPN)?