Configuring PAT over VPN Tunnel to access a hosted APP
Can anyone please provide direction on how to successfully PAT the plethora of 10.0.0.0 /24 subnets I have onsite to a predetermined 172.x.x.x address for access specifically destined to a hosted web server via a Site-To-Site VPN tunnel? I am uncertain as to how to properly PAT the private address through the tunnel without inadvertently sending all users to the tunnel.
Here are the details:
-Users need access to a Time/Attendance hosted application accessible only via a secure site-to-site tunnel via https://x.x.x.x website
-The application is hosted by a 3rd party vendor and their requirement is to "hide users" (source IPs 10.0.0.0 /24) behind a designated PAT'd address (172.x.x.x)
-Cisco ASA 5540 ver. 8.0
-permit port 443
Ultimately, the ACL will look like:
IP access-list extended ABC-crypto
Permit ip host (website URL IP ADDRESSx.x.x.x) host 172.x.x.x
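One way to meet this requirement on ASA 8.0 (pre-8.3 NAT syntax) is policy PAT. The fragment below is an added example, not part of the original post. The ACL name ABC-policy-pat, the NAT ID 5 and the interface names inside/outside are assumptions; the x.x.x.x and 172.x.x.x placeholders are the post's own, and the crypto ACL is written from the local ASA's side, so it mirrors the one shown above.

```cisco
! Added example: assumed names, placeholder addresses as in the post.
!
! 1. Policy-NAT ACL: match ONLY the onsite users going to the hosted web
!    server on 443. Repeat the line for each onsite 10.x subnet that needs
!    access. Anything not matched here is never translated to 172.x.x.x,
!    so ordinary user traffic keeps its existing NAT and stays off the tunnel.
access-list ABC-policy-pat extended permit tcp 10.0.0.0 255.255.255.0 host x.x.x.x eq 443
!
! 2. Bind that ACL to a dedicated NAT ID and PAT it to the vendor-assigned
!    address. A single address on the global statement makes this PAT.
nat (inside) 5 access-list ABC-policy-pat
global (outside) 5 172.x.x.x
!
! 3. Crypto ACL (interesting traffic). NAT is applied before the crypto
!    check, so the ACL must reference the translated source 172.x.x.x,
!    not the 10.x subnets.
access-list ABC-crypto extended permit ip host 172.x.x.x host x.x.x.x
!
! Caveat: NAT exemption (nat 0 access-list) is evaluated before policy NAT.
! If an existing exemption ACL already matches 10.0.0.0/24 to x.x.x.x, the
! traffic leaves untranslated and will not match ABC-crypto.
!
! Verification from the ASA (source host and port are constructed samples):
!   packet-tracer input inside tcp 10.0.0.10 1025 x.x.x.x 443
!   show xlate
!   show crypto ipsec sa
```

The packet-tracer output should show the translation to 172.x.x.x in the NAT phase followed by a VPN encrypt phase; traffic to any other destination should show neither.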
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...