Yes its possible to give internet access to your remote users provided default propogation towards the PIX and the return path routing is taken care of (toANDfro) to the PIX.
Your ISP will be ditributing the default to the remote ends for Internet.
Many enterprises have a centralized Internet Access policy. So in such cases this is the easiest which could be done to control Internet Access for your remote branches, provided you have ample bandwidth for other applications reserved.
Or the other option which is cost intensive would be, local Internet BW, with centralized security Policies with distributed enforcement.
So not much of a right or wrong, but a call considering and weighing the user access ease, attached with cost implications.
This is definitely possible. Depending on what routing protocol you are using over your MPLS network you can distribute a default route into the cloud from your L3 switch. You can then remove the default static routes (or replace with floating statics) from your remote MPLS routers.
We do this currently and it works well. It gives you centralized control, reporting, and filtering of Internet traffic for the rest of your sites in your enterprise. The only issues you may find are that if you are currently allowing these sites to access the Internet locally, performance maybe an issues. Take into account the latency that will be added now that the Internet traffic will traverse your MPLS network.
1. Introduction Internet security is important with the increasing
attacks that are happening every day. Many internet and browsing
security solutions exist, but some are not very easy to use or maybe the
question is how can I enable them? In this referen...
Cisco Software Manager Server API Guide This document describes the
programmatic interfaces, RESTful APIs, which are supported by Cisco
Software Manager Server (CSM Server). Overview CSM Server supports a set
of finite RESTful APIs. The first step to use ...
If you are using Cisco's new linux-based Cisco Software Manager server,
then you probably want to make sure there is a startup service for
it.I'll assume that you've already installed the CSM server on a
systemd-based linux system. The commands given belo...