First of all, I want you to know that specifying port statements in network statement ACLs like NAT ACLs slightly degrades performance of Cisco Firewalls since they are not routers primarily. I assume you got that warning already in CLI when you issued the port statements.
Second, before a default route (with a lower metric than default route), you should issue a route for the peer IP of remote site to your ISP, then with a higher metric, you can specify a default route to remote site.
Third, Watchguard side should add the 192.168.0.0 network to "their" NAT statement for internet connectivity.
Thanks for your reply, I would like to make it more clearly for this lab. Actually, it is a test lab for simulate the real network before I roll out.
Firstly, For the test lab, the pix and watchguard firewall are connect in the same network, but the real network will be in difference (At least, there will be a few router between two sites).
Secondly, I had tried to form a vpn with a zero route (which means route all traffic) and it success. All the traffic from pix side will redirect to remote site (watchguard) thought the vpn tunnel instead of directly access internet.
Finally, I had found that when I using above configuration, the traffic (other than 80, 443) was failed thought pix outside interface to access (such as port 22, 8080, etc).
From the pix log, it seems that the packet which from inside to outside have not translate(NAT) to pix external interface ip before send out.
"All the traffic from pix side will redirect to remote site (watchguard) thought the vpn tunnel instead of directly access internet."
"the traffic (other than 80, 443) was failed thought pix outside interface to access (such as port 22, 8080, etc). "
You pointed the PIX to route all traffic to remote site, so you can not expect traffic other than 80 and 443 be forwarded to pix outside interface ISP. What you want in this case is possible with PBR (Policy Based Routing) which ASA does not support.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...