Hello McKay
Ah, I see. So your goal is to create a VPN between your ASA and some VPN server on the cloud, or somewhere off premises, via which your internal clients can connect. That way, their communication on the Internet is “masked” or “secured” when exiting your network. And then the VPN server connects in turn with the intended destination websites and services. That way the clients can anonymously connect.
This is similar to the subscription-based VPN services that are often advertised for “anonymous” browsing and connectivity. These work on a per user basis with a mobile app or a software client on one device rather than for a whole site as in your description, but there may be some that deliver such site to site VPNs like this. It may be worth checking that out.
Other than that, in order to achieve what you’re looking for, you will have to create your own “custom” setup using some cloud-based VPN service as you suggest, and that can be more costly.
I hope this has been helpful!
Laz