I have an issue where we have several sites connected to the same Cisco ASA5510 but to different subinterfaces. Some of the subnets use the same subnets (ie. the very popular 192.168.0.0/24) I want to use PAT to let all of these subnets out through the same public interface but recognize that there will be issues with this since the subnets are not unique. To further complicate issues, the subnets are routed to the ASA using a /30-net in each interface. A solution (although not an option in this case since these aren't administered by me) would be to NAT in the router (Router1 and Router2 in the attached picture) and make the subnets unique to the ASA. Are there any chances of making this work with using just one ASA? One option is to get the Security Plus update, and run one security context to NAT and a second security context to PAT, but i'd rather solve it some other way if possible. Is there a possible solution to this either by using policy-nat or by combining NAT and PAT?