Can't speak to the proxy issue (I'd use a PIX), but
you need to split the site-to-site WAN link off from
the link that goes to the internet. That way you can
force all internet traffic from either site through
whatever proxy/firewall you use. The proxy/firewall
sits on an isolated segment between the internet
router and the private side of your network.