I have set up a standard remote VPN so a user can remotely connect to the Firewall and have configured a NAT rule so that they have internet access using a WAN IP on the Firewall.
I'm now trying to make it so that when connected to the VPN they can access sites hosted on servers that are also behind the firewall.
For example site1.com resolves to 22.214.171.124 which is also behind the firewall and their "public" IP is 126.96.36.199.
I've tried adding a rule to say if the source address is 188.8.131.52 with destination 184.108.40.206 to just NAT it to 192.168.1.2, which is the internal IP, but this doesn't seem to work.
Is it possible to just make it so if they are connected to the VPN it just NATs it so they have the same access as if they were public?
You can do that, but ensure that the NAT rule is before the exemption rule. Here are two ways to do it:
nat (inside,outside) 1 source static server-private server-public destination static anyconnect-pool anyconnect-pool
or
nat (outside,inside) 1 source static anyconnect-pool anyconnect-pool destination static server-public server-private
This should untranslate packets coming from AnyConnect from the public address to the private address.
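
Why the rule has to sit before the exemption rule, as an added example that is not part of the original answer: a simplified Python model of ordered, first-match NAT lookup for a packet arriving from a VPN client. The public address, the pool range, the shape of the exemption rule (identity NAT from the pool to any destination) and the function name are assumptions made for illustration.

```python
"""Simplified model of first-match destination untranslation (added example)."""
from ipaddress import ip_address, ip_network

# Constructed sample values; only 192.168.1.2 comes from the question.
SERVER_PRIVATE = ip_network("192.168.1.2/32")
SERVER_PUBLIC = ip_network("203.0.113.10/32")   # placeholder public IP
POOL = ip_network("10.99.0.0/24")               # placeholder VPN pool
ANY = ip_network("0.0.0.0/0")

# Rules as seen by a packet arriving from the VPN side:
# (name, source match, mapped destination, real destination).
# A real destination of None means identity NAT (address left unchanged).
NAT_RULE = ("server-untranslate", POOL, SERVER_PUBLIC, SERVER_PRIVATE)
EXEMPTION = ("vpn-exemption", POOL, ANY, None)  # assumed shape of the exemption


def untranslate(rules, src, dst):
    """Return (matching rule name, destination after untranslation).

    Rules are checked top to bottom and the first match wins, so a broad
    identity rule placed first hides any more specific rule below it.
    """
    src, dst = ip_address(src), ip_address(dst)
    for name, src_net, dst_mapped, dst_real in rules:
        if src in src_net and dst in dst_mapped:
            if dst_real is None:
                return name, str(dst)
            # Static mapping: keep the host offset inside the mapped range.
            offset = int(dst) - int(dst_mapped.network_address)
            return name, str(dst_real.network_address + offset)
    return None, str(dst)


if __name__ == "__main__":
    client, target = "10.99.0.5", "203.0.113.10"
    print("NAT rule first: ", untranslate([NAT_RULE, EXEMPTION], client, target))
    print("exemption first:", untranslate([EXEMPTION, NAT_RULE], client, target))
```

With the exemption first, the client's packet keeps the public destination and never reaches 192.168.1.2, which matches the symptom described in the question.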