I have a remote site with a website that only allows access from the outside IP assigned to our local PIX. I have users connecting to the local network using a VPN who need to be able to view this remote site. I don't think this works because the packets want to come in and go out over the same (ext) interface. So I'm looking for a way to make this work using the PIX or setting up a service on a server on the local network to act as a middle-man for the HTTP requests.
The remote site doesn't support setting up a VPN to our PIX. The remote website is dishing out pages over a non-standard port.
Can I use squid or something similar to proxy just one site?
Here are some parts of the PIX config. VPN clients get assigned an IP from [vpn_subnet] and I want them to be able to access port 12345 on remote site [remote_host_ip]. One thing to note: I have users at the remote site using the VPN client to connect to our site, and since that site only has one IP, they are seen by our local site as [remote_host_ip].
ip local pool vpnpool <vpn_subnet_ip_range>
tunnel-group vpn_abc type remote-access
tunnel-group vpn_abc general-attributes
 address-pool vpnpool
 authentication-server-group (outside) AuthInbound
 default-group-policy vpn_pol_abc
tunnel-group vpn_abc ipsec-attributes
 pre-shared-key *
group-policy vpn_pol_abc internal
group-policy vpn_pol_abc attributes
 wins-server value <local_ip>
 dns-server value <local_ip>
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnusers
 default-domain value example.com
access-list vpnusers extended permit ip <local_subnet> 255.255.0.0 <vpn_subnet> 255.255.255.0
access-list vpnusers extended permit ip host <remote_host_ip> <vpn_subnet> 255.255.255.0
access-list nonat extended permit ip <local_subnet> 255.255.0.0 <vpn_subnet> 255.255.255.0
access-list nonat extended permit ip host <remote_host_ip> <vpn_subnet> 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0