I'm trying to set up a VPN from a 5GT running 5.x code to a Cisco ASA. The 5GT has an internal network of 10.1.1.0/24 and needs access to 2 subnets behind the ASA (172.25.101.0/24 and 172.25.102.0/24). While I was able to get the tunnel to come up w/o any issue and pass traffic between the 172.25.101.0/24 and 10.1.1.0/24 networks, 172.25.102.0/24 is unable to pass traffic. Upon further investigation it appears as though the 172.25.102.0/24 subnet already has communication to another 10.1.1.0/24 subnet in another VPN, so that is taking precedence. Is there a way to NAT the traffic from the 10.1.1.0/24 subnet to, say, 10.2.1.0/24 when it's trying to reach 172.25.102.0/24? That way I can just use that in the VPN configuration on the ASA. I was thinking of something like this:
set interface tunnel.2 ip 10.0.2.1 255.255.255.0
set policy id 20 from "Trust" to "Untrust" "10.1.1.0/24" "172.25.102.0/24" "ANY" nat src permit
set policy id 20
But I wasn't sure if that would do a 1:1 on outbound or if it would NAT all traffic to the 10.0.2.1 address.
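
An added illustration, not part of the original post and not ScreenOS or ASA configuration: a Python model of the overlapping-selector conflict described above and of the two translation behaviours the question distinguishes (1:1 subnet mapping versus all hosts hidden behind one address). The tunnel names `other-vpn` and `new-5gt` and the host addresses are constructed; the code makes no claim about which behaviour `nat src` has on the 5GT.

```python
import ipaddress

def net(s):
    return ipaddress.ip_network(s)

def selector_conflicts(tunnels):
    """Return (tunnel_a, tunnel_b, local, remote) for every pair of tunnels
    whose local AND remote selectors overlap (ambiguous for the gateway)."""
    found = []
    names = sorted(tunnels)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for la, ra in tunnels[a]:
                for lb, rb in tunnels[b]:
                    if net(la).overlaps(net(lb)) and net(ra).overlaps(net(rb)):
                        found.append((a, b, la, ra))
    return found

def one_to_one(addr, inside, mapped):
    """Static subnet NAT: swap the network part, keep the host offset."""
    inside, mapped, addr = net(inside), net(mapped), ipaddress.ip_address(addr)
    if inside.prefixlen != mapped.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if addr not in inside:
        return str(addr)  # not matched by the rule, left untranslated
    return str(mapped.network_address + (int(addr) - int(inside.network_address)))

def many_to_one(addr, inside, nat_ip):
    """Hide NAT: every matched host appears as the same single address."""
    return nat_ip if ipaddress.ip_address(addr) in net(inside) else addr

# Constructed view of the ASA side: (subnet behind ASA, subnet it sees as remote).
# Tunnel names are hypothetical labels, not taken from any device.
BEFORE = {
    "other-vpn": [("172.25.102.0/24", "10.1.1.0/24")],
    "new-5gt": [("172.25.101.0/24", "10.1.1.0/24"),
                ("172.25.102.0/24", "10.1.1.0/24")],
}
# Same tunnels once the 5GT side is presented as 10.2.1.0/24 toward 172.25.102.0/24.
AFTER = dict(BEFORE, **{"new-5gt": [("172.25.101.0/24", "10.1.1.0/24"),
                                    ("172.25.102.0/24", "10.2.1.0/24")]})

if __name__ == "__main__":
    print("before:", selector_conflicts(BEFORE))
    print("after: ", selector_conflicts(AFTER))
    for host in ("10.1.1.20", "10.1.1.57"):
        print(host, "1:1 ->", one_to_one(host, "10.1.1.0/24", "10.2.1.0/24"),
              "| many-to-one ->", many_to_one(host, "10.1.1.0/24", "10.0.2.1"))
```

With a 1:1 mapping each 10.1.1.x host keeps a distinct 10.2.1.x identity, so hosts in 172.25.102.0/24 can still address a specific machine; with many-to-one translation they all appear as the single address.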