I have a guest wireless subnet that's only allowed access to the outside world and that's it. A problem came up today that required a user in the company to be able to get to a hosted server on the LAN. A static nat exists for everyone on the outside to get to the server, so the thought was that they would connect to the guest wireless and then get to the hosted server via public address. This didn't work, but I think it's because the traffic is going through the ASA as natted, and then coming back out again making it look like the packet is being spoofed. Is that correct, and is there a way around it?