Two ways to do this one is an outgoing access-list on your inside interface the other is set your vpn match access-list to just allow tcp port 80. So on you "ab" acl add eq 80 and you'll only traffic destined to port 80 will be allowed down that tunnel.
access-list ab extended permit ip 10.192.0.0 255.255.0.0 10.100.24.0 255.255.248.0 eq 80
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...