Internet Access through IPSec

Unanswered Question
Jul 19th, 2008
User Badges:


I would like to give a following solution to my customer,Please verify my solution,

1. Site A Head Office with PIX 525 connected to Site A ISP.

2. Site is having PROXY SERVER with the port number 3128.

3. Site B Branch office with PIX 515E connected to Site B ISP.

Requirement :

1. IPSec tineel should be established between SIte A and Site B.

2.Then the site B local users should not access the internet directly through Site B ISP,instead the internet traffic has to flow through the IPSesc tunnel to Site A PROXY server and access the Internet.(All Site B node IE are configure with the PROXY settings).

Is it possible,this will help the customer to watch the internet users centrally.

My Views:

1. I will configure both sites Firewall for IPSec (both IPSec and ISAKMP parameters,with NAT0 and ACL)

2. At the site B I will not configure the NAT 1(Inside) and Global 1 (outside),in that case no local node can access the internet.

Is it correct.

Please help me.

Thanks and Regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
a.alekseev Sat, 07/19/2008 - 05:36
User Badges:
  • Gold, 750 points or more

it is correct.

At the site B I can configure the NAT 1(Inside) and Global 1 (outside)

and apply ACL to inside interface that permits only traffic between SIte B and Site A


This Discussion