I have a multi-office network where the remote offices are connected by VPN tunnels to the main location and all share the same internal DNS server. I have a public web server that sits in a DMZ reachable by the public and remote offices via a dedicated public IP and is reachable by internal users of the main location via an internal IP. The firewall controlling all of this is a Cisco ASA 5505.
Everything works and routes well by IP except for one thing. In the main office where the firewall is located (where the servers and DMZ are), those users cannot reach the public IP of the web service. They can get to it using the internal address, but not by the public address. All other offices can get to the public IP just fine.
Except for the shared DNS between offices, I would just set up an internal host address that pointed to the inside address for this one office. But the other offices would then pick that up and they don't get to the website via the internal address.
What I need is for the firewall, which is handling the requests anyway, to "rewrite" the destination for main office users to the DMZ address reachable from the main office. So Main Office machine x.x.x.105 sends a request to y.y.y.149 (the public web server address) and it needs to go to z.z.z.20 (the internal DMZ address of the web server).
The DMZ machine has no problem reaching the x.x.x network. I just need to inform the firewall that requests going to y.y.y.149 should not be NATed and should go instead to z.z.z.20.
How do I do this?
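The destination rewrite described above, expressed as a hairpin (twice) NAT rule, is shown here as an added illustration and is not configuration taken from the original post. It assumes ASA software 8.3 or later (object-based NAT syntax), interface names `inside` and `dmz`, an inside subnet of x.x.x.0/24, and that the DMZ host already has a separate rule publishing it to the outside; the object names are made up for the example.

```text
! Constructed example: hairpin NAT so that inside users reaching the
! public address y.y.y.149 are redirected to the DMZ host z.z.z.20.
object network INSIDE-NET
 subnet x.x.x.0 255.255.255.0
object network WEB-PUBLIC
 host y.y.y.149
object network WEB-DMZ
 host z.z.z.20
!
! Source is identity-translated (DMZ can already reach x.x.x.0/24, so no
! source PAT is needed); only the destination is rewritten, and only for
! traffic entering on inside and leaving on dmz.
nat (inside,dmz) source static INSIDE-NET INSIDE-NET destination static WEB-PUBLIC WEB-DMZ
!
! Verify the translation with a packet trace before relying on it:
packet-tracer input inside tcp x.x.x.105 12345 y.y.y.149 80
```

Place this rule above any broader inside-to-outside dynamic rule (manual NAT section 1 is evaluated first, in order), and confirm in the `packet-tracer` output that the NAT phase shows a translated destination of z.z.z.20 and an egress interface of dmz.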