Could you deny http and https outbound traffic on the router at Site A except over the VPN to Site B, and then set Site A machines' web browsers to use the proxy server at site B?
________________________________ From: Erik Goldoff [mailto:[EMAIL PROTECTED] Sent: Saturday, September 13, 2008 9:16 AM To: NT System Admin Issues Subject: RE: site-to-site VPN for proxy sharing "if the Site A machines don't use their local VPN device as their gateway" why NOT use the VPN tunnel device as default gateway? sounds like that what you want ________________________________ From: Adam Greene [mailto:[EMAIL PROTECTED] Sent: Friday, September 12, 2008 7:24 PM To: NT System Admin Issues Subject: site-to-site VPN for proxy sharing Hi guys, I'm trying to connect two customer sites via a site-to-site VPN so that all machines at Site A can be forced to go through a proxy server at Site B to access the Internet. I am toying with the idea of placing both sites on the same network (i.e. 10.2.0.0/16) and then providing the machines at Site A with a default gateway of the proxy server at Site B. However, I'm not convinced that this will work. I mean, if the Site A machines don't use their local VPN device as their gateway, how will that device know to forward packets over the VPN to the proxy server at Site B? Customer doesn't want to set up static NAT entries on the VPN device at Site A for all the other network resources they need to access at Site B (Exchange, Sharepoint, and more) otherwise I think we could just leave Site A on a 192.168.0.0 network and NAT the proxy server at Site B to a 192.168.0.x. address. To complicate things further, customer has a Sonicwall TZ170 on one end and a Cisco PIX on the other. They are willing to change the Sonicwall to a PIX / ASA if that will facilitate the setup. Any ideas? Hey, you didn't all go home for the weekend, did you? --Adam No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.169 / Virus Database: 270.6.21/1668 - Release Date: 9/12/2008 6:56 AM Confidentiality Notice: ---------------------------------- This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
