We have a handful of PIXes and ASAs running at remote locations configured for EZVPN. What we want to do is to force all traffic from the remote locations through a content filter, which doesn't act as a proxy. Given that the gateway for the VPN concentrator is pointed to the Internet, is it possible to force all VPN client traffic to route through the inside interface? I've seen some references that the VPN concentrator has policy routing, but I haven't see any configuration information. Has anyone else attempted this?