Channel: SRX Services Gateway topics

Site-to-Site VPN with Inline Transparent Web Filter


I have two brand new SRX340s. Currently I have a Site-to-Site VPN working between an SRX220 and a Sophos UTM 320. All the internal networks can talk amongst themselves via traffic-selectors in the VPN. With the new SRXs I would like to now forward all the traffic that is internet-bound down the VPN to our main datacenter that has an inline web filter installed so that the traffic at the remote site is filtered.

 

Basically at the datacenter I have an EX4200 doing all of my inter-vlan routing, that connects 1 cable to the LAN port of the filter, the WAN port of the filter connects to the SRX. The remote site is the same with the exception of the web filter.

 

From a logical standpoint what I need to be able to do is get VPN traffic to terminate at the EX4200 behind the filter so that it can be filtered on its way out. Is there a way to do this?

 

The link below gets me as far as I need for forcing all traffic over the tunnel, but I'm stumped with how to get the traffic the last jump. Can I terminate the VPN to a physical port or VLAN interface to connect to the EX4200? Is there some OSPF magic to force all the routes to what I want?

https://marioblab.wordpress.com/2015/12/26/internet-access-through-central-site-over-ipsec-vpn/

 

 

Datacenter:

EX4200 (10.30.0.1)--->Transparent Filter--> SRX340 (10.30.0.4)

 

Remote:

EX4200 (10.29.0.1)---> SRX340 (10.29.0.4)

 

Any help is greatly appreciated.

-Ryan

 

 

 

