We have a Cymphonix web filter appliance that bridges between the internal network and the ASA Firewall.
I have a couple of sites on L2L VPNs, and I'd like the web traffic routed through the Cymphonix device, which means pushing out the inside interface and letting it bounce back out through the "proper" channels. The simplest way I could think of was to set the Tunnel gateway address to my internal main router. However, when I do this my remote VPN sites lose internet access (tunnel stays available for local traffic). Right now the remote sites access the internet directly through the outside interface of the ASA. See the cfg snippet below; the other site is configured identically.
access-list PVL_VPN extended permit ip any 192.168.118.0 255.255.255.0
access-list nonat extended permit ip any 192.168.118.0 255.255.255.0
nat (Outside) 1 192.168.118.0 255.255.255.0
route Outside 192.168.118.0 255.255.255.0 22.214.171.124 1
Will my intended scenario work at all? Seemed simple enough, change the gateway to an internal router with a route back out. But in practice it isn't as easy.