I have an IPsec VPN setup like this:

[Remote users]-[Remote ASA] <-VPN-> [My ASA]-[Subnet A]-[Router 2]-[Subnet B]

The VPN is set to handle traffic between [remote users] and [Subnet A]; it does not include [Subnet B]. Pretend the firewall rules for all routers are to permit everything.

Now I want to redirect traffic that comes over the VPN to a specific IP on [subnet A] (192.168.1.102) to an IP on [Subnet B] (10.1.1.133)

If I add a rule on [My ASA] to NAT traffic to original IP 192.168.1.102 to new IP 10.1.1.133,

1) Will this affect the connections coming in over the VPN? (ie: the VPN packets are unencrypted and then NAT is applied) 2) Will this work when the post-NAT target is on Subnet-B, which is not part of the VPN traffic selection?