Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Internet Access through IPSec


I would like to give a following solution to my customer,Please verify my solution,

1. Site A Head Office with PIX 525 connected to Site A ISP.

2. Site is having PROXY SERVER with the port number 3128.

3. Site B Branch office with PIX 515E connected to Site B ISP.

Requirement :

1. IPSec tineel should be established between SIte A and Site B.

2.Then the site B local users should not access the internet directly through Site B ISP,instead the internet traffic has to flow through the IPSesc tunnel to Site A PROXY server and access the Internet.(All Site B node IE are configure with the PROXY settings).

Is it possible,this will help the customer to watch the internet users centrally.

My Views:

1. I will configure both sites Firewall for IPSec (both IPSec and ISAKMP parameters,with NAT0 and ACL)

2. At the site B I will not configure the NAT 1(Inside) and Global 1 (outside),in that case no local node can access the internet.

Is it correct.

Please help me.

Thanks and Regards,



Re: Internet Access through IPSec

it is correct.

At the site B I can configure the NAT 1(Inside) and Global 1 (outside)

and apply ACL to inside interface that permits only traffic between SIte B and Site A

CreatePlease login to create content