I have ASA 9.x with 2 IKEv1 site-to-site VPNs to 2 branches. I have also a web server inside the main office that services the web requests sent to TCP 8080. clients which access this web server are inside the main office as well as the branches. the IP addresses of the branch clients has been assigned to them bu their local DHCP server. I want to use NAT (port-mapping) on ASA so the clients reside inside the branch offices can acccess the internal web site without adding the 8080 to their URL. I used something like this on ASA but it didn't worked:
nat (inside,any) source static WEBSERVER WEBSERVER service WEB_PORT WEB_PORT_MAPPED
object network WEBSERVER
object service WEB_PORT
service tcp source eq 8080
object service WEB_PORT_MAPPED
service tcp source eq www
how can we apply this and generally a NAT on VPN clients?