Issue : Our company is currently in the process of migrating all the vendor VPn traffic from concentrators to ASA -5540s. Our vendors connect using either Clientless , Client based and /or Site2Site.
All the 3 VPN configurations need to exist on the same appliances.
We have currently have a stable environment set up for Clientless and IPSEC client where vendors connect to real addresses. However our Site to Site connections ( which initally ) existed on a concentrator needs to be moved to the same ASA. The site to Site masks internal addresses by natting them to a public address range 168.244..0.0 /16
Is there a way to configure ASA to nat only Siteto Site traffic and not the Client and Clientless traffic .
One option our team has come up with is to create a new DMZ on the ASA and route traffic pointing to the new DMZ range.
Is there any otherworkable solution ?
Thanks in advance
-Sandhya