I have a site to site VPN configured between our main site (Site A) and a remote site (Site B).
Site A is 10.60.0.0/16; Site B is 192.168.99.0/24.
The firewall in Site B is a Juniper SSG running ScreenOS 6.3 and I'm using a route based VPN.
The tunnel works perfectly in that from Site A you can reach 192.168.99.0 via the tunnel, and from Site B you can reach 10.60.0.0 via the tunnel.
However, we want it so that if you're in Site B and want the Internet it goes via the firewall at Site A, and right now on the Juniper 0.0.0.0 has the ISP router as next hop.
My understanding is that on the Juniper, I can set a route for the /32 public IP at our main site that the VPN tunnel connects to, pointing to the ISP router via ethernet0/0 (the SSG's external interface), and then modify the 0.0.0.0 route to use our main site firewall via tunnel.1 (the VPN tunnel).
Not sure I've explained that so well, but is my understanding correct?
That's it precisely. I've been doing this for some time with Junos/SRX devices as well for trade shows overseas. Since many content providers like Hulu restrict content to the US, redirecting the gateway permits us to do demos while appearing to be in the office. It can be a bit slower due to the extra round-trip time, but it works at least. Once there's a route-based tunnel set up, it's as easy as 'set route remote-ip/32 int untrust gateway defgw; unset route 0.0.0.0/0; set route 0.0.0.0/0 int tunnel.1'. You'll definitely want to make sure you are logged in through the VPN, or you'll lose access to the box and someone will have to power cycle it (or log in locally).
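The reason the host route has to go in before the default route is flipped is longest-prefix matching: once 0.0.0.0/0 points into tunnel.1, the encrypted packets destined for the peer's public IP would themselves be routed into the tunnel unless a more specific /32 sends them out the physical interface, which is exactly the lockout the answer warns about. The Python model below is an added example written for this page, not code from the thread or from Juniper; the peer IP 203.0.113.10, the ISP gateway 198.51.100.1, the trust interface ethernet0/1 and the destination 8.8.8.8 are constructed placeholders, and only the two private ranges and the interface names ethernet0/0 and tunnel.1 come from the question.

```python
import ipaddress

# All addresses below are constructed example values, not from the original thread.
# The thread only gives the private ranges 10.60.0.0/16 (Site A) and 192.168.99.0/24 (Site B).
PEER_PUBLIC_IP = "203.0.113.10"   # assumed public IP of the Site A firewall (TEST-NET-3)
ISP_GATEWAY = "198.51.100.1"      # assumed ISP router next hop at Site B (TEST-NET-2)
EXT_IFACE = "ethernet0/0"         # SSG external (untrust) interface, as in the question
TUNNEL_IFACE = "tunnel.1"         # route-based VPN tunnel interface, as in the question


def lookup(routes, dst):
    """Longest-prefix match over (prefix, interface, gateway) entries.

    Returns (interface, gateway) for the most specific matching route, or None.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    return None if best is None else (best[1], best[2])


def tunnel_is_recursive(routes, peer_ip, tunnel_iface):
    """True when the route to the VPN peer itself points into the tunnel.

    That is the lockout case: the encrypted packets carrying the tunnel would be
    routed back into the tunnel, so the peer can never be reached.
    """
    hit = lookup(routes, peer_ip)
    return hit is not None and hit[0] == tunnel_iface


def default_via_tunnel(routes, peer_ip, ext_iface, ext_gateway, tunnel_iface):
    """Return a new table that sends 0.0.0.0/0 into the tunnel safely.

    Mirrors the order in the answer: add the /32 host route for the peer via the
    physical interface first, then replace the default route.
    """
    new = [r for r in routes if r[0] != "0.0.0.0/0"]
    new.append((f"{peer_ip}/32", ext_iface, ext_gateway))
    new.append(("0.0.0.0/0", tunnel_iface, None))
    return new


# Site B's table as described in the question, before the change.
ORIGINAL = [
    ("192.168.99.0/24", "ethernet0/1", None),   # local LAN (trust interface is assumed)
    ("10.60.0.0/16", TUNNEL_IFACE, None),        # Site A via the VPN
    ("0.0.0.0/0", EXT_IFACE, ISP_GATEWAY),       # Internet via the ISP router
]

# What happens if the default route is flipped without the host route.
BROKEN = [r for r in ORIGINAL if r[0] != "0.0.0.0/0"] + [("0.0.0.0/0", TUNNEL_IFACE, None)]

# The table after applying the change in the safe order.
FIXED = default_via_tunnel(ORIGINAL, PEER_PUBLIC_IP, EXT_IFACE, ISP_GATEWAY, TUNNEL_IFACE)

if __name__ == "__main__":
    for name, table in (("original", ORIGINAL), ("broken", BROKEN), ("fixed", FIXED)):
        print(f"{name:8s} peer->{lookup(table, PEER_PUBLIC_IP)} "
              f"internet->{lookup(table, '8.8.8.8')} "
              f"recursive={tunnel_is_recursive(table, PEER_PUBLIC_IP, TUNNEL_IFACE)}")
```

Running `tunnel_is_recursive` against a proposed table before pushing the change is the check to make: the BROKEN table resolves the peer through tunnel.1, while FIXED still resolves it through ethernet0/0 and sends everything else, including Internet destinations, into the tunnel.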