I see your issue. Lets look at the VPN overlapping issues first. Let the remote network target a virtual subnet that doesn't physically exist, and route this to the ASA (If not the Default Gateway on the LAN already). Then place a static NAT on the ASA from this to the overlapping address, then create the crypto access-list. As NAT occurs before encryption and you are applying NAT first, you can leave out the NO-NAT access-list completely. For the servers and the remote site contacting you with not enough addresses, this could be an issue. The only way i think would be to check the ports utilised and produce static NATs that are port specific, allowing you to utilise the same public address more than once.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...