We have a vendor that needs access to several of our internal webservers over HTTPS, but also needs access to an external website that can only be accessed via our public IP address. We have them set up for a site to site VPN tunnel and we're NATing them from a DMZ IP to an internal IP address for each internal web server access.
I'm trying to figure out what the best method would be to redirect them to an external website through our network and out to the internet. One of the ideas I was playing with was some kind of virtual application delivery for IE via Citrix or another platform.
Is there an easier method to do this via creative NATing or do we need to deploy some sort of VDI-like application delivery to accomplish this?