I would like to give a following solution to my customer,Please verify my solution,
1. Site A Head Office with PIX 525 connected to Site A ISP.
2. Site is having PROXY SERVER with the port number 3128.
3. Site B Branch office with PIX 515E connected to Site B ISP.
1. IPSec tineel should be established between SIte A and Site B.
2.Then the site B local users should not access the internet directly through Site B ISP,instead the internet traffic has to flow through the IPSesc tunnel to Site A PROXY server and access the Internet.(All Site B node IE are configure with the PROXY settings).
Is it possible,this will help the customer to watch the internet users centrally.
1. I will configure both sites Firewall for IPSec (both IPSec and ISAKMP parameters,with NAT0 and ACL)
2. At the site B I will not configure the NAT 1(Inside) and Global 1 (outside),in that case no local node can access the internet.
Is it correct.
Please help me.
Thanks and Regards,