I have a 5520 ASA with a server in the DMZ that can be accessed from the internet and from the LAN using its public IP address (static NAT for the DMZ server). VPN users can also access this server using the public IP address, by sending the public subnet addresses to the remote users with a split tunneling ACL. The problem we have is that we need Clientless remote users to access this server using the public address too, and it does not work. It only works when Clientless remote users access the DMZ server's private address. We need all connections to this server to be made against the public address for the web server page code.
I cannot use split tunnel for Clientless remote users, and apparently the connection has the ASA as the source for this traffic. Does somebody know if it is possible, or have some idea what I can test?
Unfortunately this is not possible because for Clientless VPN, the ASA is proxying the connection as it is not a full tunnel VPN. Hence, it can only proxy the connection on the real address, not on the NATed address.