The idea is to do a Policy NAT for the VPN traffic to change your 10.1.0.0/16 to 192.168.50.0/24 if it is tunneling over the VPN. Cisco has a great writeup on how to do this: LAN-to-LAN VPN with overlapping subnets. There's a blog post here as well if you are using a later ASA version: ASA VPN with overlapping subnets. Hope that helps.
So, policy-based nat (Source Network Address Translation (NAT-src) and Destination Network Address Translation (NAT-dst) can only be configured on ASA side. How to configure Policy based nat for source and destination on ASA (9.1) Original Subnet -: AWS VPN Subnet – 172.16.17.0/24 Here I'll attempt to give an overview of Cisco ASA's implementation of the static virtual tunnel interface (aka "SVTI", or "VTI" for short), also known more simply as "route-based VPN", and how to configure it on Cisco ASA firewalls. object network inside-net subnet 192.168.1.0 255.255.255.0 object network vendor-vpn-nat host 172.16.75.5 object network translated-ip host 172.27.27.27 nat (inside,outside) source dynamic inside-net translated-ip destination static vendor-vpn-nat vendor-vpn-nat. Miscellaneous Notes Use real IPs in access-lists The Cisco ASA supports VPN filters that let you filter decrypted traffic that exits a tunnel or pre-encrypted traffic before it enters a tunnel. You can use the VPN filter for both LAN-to-LAN (L2L) VPNs and remote access VPN.
A simple network is composed of a Corp LAN, a Cisco ASA acting as an Internet gateway and firewall. Remote VPN users connect to the Corp LAN using L2TP/IPSec VPN. A DHCP pool is reserved on the ASA for VPN users. We’ll also implement “split tunneling” so that regular Internet traffic is not sent through the tunnel.
These are not formal definitions but if you are familiar with the Cisco ASA, then you know things changed drastically between ASA version 8.2 and 8.3, one of them being NAT. Side talk : don’t tell the customer but I once downgraded a customer’s firewall from ASA version 8.3 to 8.2 just so I didn’t have to worry about the NAT syntax change. Apr 15, 2012 · Cisco ASA Site-to-Site VPN Configuration (Command Line): Cisco ASA Training 101 - Duration: 14:11. soundtraining.net 237,773 views
Jan 15, 2014 · ASA# Choose the NAT rule and click Packet Trace in order to activate the packet tracer from the Cisco Adaptive Security Device Manager (ASDM). This uses the IP addresses specified in the NAT rule as the inputs for the packet tracer tool: View the Output of the Show Nat Command
So, policy-based nat (Source Network Address Translation (NAT-src) and Destination Network Address Translation (NAT-dst) can only be configured on ASA side. How to configure Policy based nat for source and destination on ASA (9.1) Original Subnet -: AWS VPN Subnet – 172.16.17.0/24