We have a vendor that we need to create a S2S VPN with and they are only allowing public IP addresses for the source address. I assume this is because they don't want to deal with the potential overlap of private IP addresses from all of their clients. I never have encounter this before, so I am not sure how to proceed and what public IP address to use.
Should I create a static one to one nat for the device that needs to go across the VPN to an available public IP address?
Should I use the global pat address that users are seen on the internet as?
I inherited this network from a previous engineer and there are two S2S VPN's on the ASA 5520 that have the global pat address as the source address. My concern with this is that all internal traffic will be able to go across the S2S VPN.
TIA for any advice.