
Pix 515 and Routing all VPN traffic to Pix


DHungate (MIS), Sep 10, 2001, CA
I would like to configure my Pix to receive VPN traffic from a remote destination and then forward traffic destined to the Internet that came through the VPN tunnel to the Internet.

Most VPN devices such as Sonicwall and Symantec's Firewall have an option to route all the traffic through; in the Sonicwall it shows up as: "Route all internet traffic through this SA"

This works pretty well, but when it gets to the Pix it says the traffic has a bad SPI. Here is some of my VPN config on the Pix:
access-list pixtolondon permit ip 10.0.0.0 255.0.0.0 10.12.18.0 255.255.255.0
nat (inside) 0 access-list pixtolondon
crypto map tosonicwall 20 ipsec-manual
crypto map tosonicwall 20 match address pixtolondon
crypto map tosonicwall 20 set peer xxx.xxx.xxx.xxx
crypto map tosonicwall 20 set transform-set SIRBasic
crypto map tosonicwall 20 set session-key inbound esp xxx cipher xxxxxxxxxxxxxxxxx
crypto map tosonicwall 20 set session-key outbound esp xxx cipher xxxxxxxxxxxxxxxxx
crypto map tosonicwall interface outside
 
Sorry, but it is not possible on the PIX. It cannot route packets back out the same interface they arrived on. A workaround is to set up a proxy server on the internal LAN behind the PIX and point the remote PCs to the proxy server to go to the Internet. The traffic from remote sites will be decrypted at the PIX and sent to the proxy, which in turn will send the Internet request through the PIX. A Cisco router or VPN concentrator does not have this limitation.
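Added illustration, not code from the thread or from Cisco: a small Python model of how the posted `pixtolondon` crypto ACL selects traffic for the SA, checked in the inbound (mirrored) direction. It shows that a remote PC sending to the internal proxy is covered by the ACL while the same PC sending straight to an Internet address (what the Sonicwall's "route all" setting produces) is not; the proxy address 10.1.1.10 and the Internet address 198.51.100.7 are constructed sample values.

```python
import ipaddress

# Constructed model of crypto-map ACL selector matching for an IPsec SA.
# A packet decrypted from the tunnel is checked against the same ACL with
# source and destination swapped (the mirror of the outbound rule).

CRYPTO_ACL = [
    # Copied from the PIX config in the post: local 10.0.0.0/8 <-> remote 10.12.18.0/24
    "access-list pixtolondon permit ip 10.0.0.0 255.0.0.0 10.12.18.0 255.255.255.0",
]

def parse_ace(line):
    """Parse a PIX-style 'access-list NAME permit ip SRC MASK DST MASK' entry."""
    parts = line.split()
    if len(parts) != 8 or parts[2] != "permit" or parts[3] != "ip":
        raise ValueError(f"unsupported ACE: {line}")
    # PIX ACLs use real subnet masks (not wildcard masks), which ip_network accepts.
    src = ipaddress.ip_network(f"{parts[4]}/{parts[5]}", strict=False)
    dst = ipaddress.ip_network(f"{parts[6]}/{parts[7]}", strict=False)
    return src, dst

def matches_crypto_acl(acl_lines, src_ip, dst_ip, inbound=False):
    """True if the packet falls within the SA's selectors in the given direction."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        src_net, dst_net = parse_ace(line)
        if inbound:  # mirror the rule: remote network -> local network
            src_net, dst_net = dst_net, src_net
        if s in src_net and d in dst_net:
            return True
    return False

def classify_tunnel_packet(src_ip, dst_ip):
    """Decision for a decrypted packet received from the remote peer."""
    if matches_crypto_acl(CRYPTO_ACL, src_ip, dst_ip, inbound=True):
        return "accepted: selectors match, forwarded to inside"
    return "dropped: not covered by the crypto ACL (remote 'route all' traffic)"

if __name__ == "__main__":
    # Constructed sample packets: remote PC -> internal proxy, remote PC -> Internet host.
    for src, dst in [("10.12.18.5", "10.1.1.10"),
                     ("10.12.18.5", "198.51.100.7")]:
        print(f"{src} -> {dst}: {classify_tunnel_packet(src, dst)}")
```

The model only covers the selector check; the post attributes the observed failure to a bad SPI, and the hairpin restriction described in the reply is a separate forwarding limitation that this model does not represent.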
 