I have a site to site VPN configured between our main site (Site A) and a remote site (Site B).

Site A is 10.60.0.0/16 Site B is 192.168.99.0/24

The firewall in Site B is a Juniper SSG running ScreenOS 6.3 and I'm using a route based VPN.

The tunnel works perfectly in that from Site A you can reach 192.168.99.0 via the tunnel, and from Site B you can reach 10.60.0.0 via the tunnel.

However, we want it so that if you're in Site B and want the Internet it goes via the firewall at Site A, and right now on the Juniper 0.0.0.0 has the ISP router as next hop.

My understanding is that on the Juniper, I can set a route for the /32 public IP at our main site that the VPN tunnel connects to to the ISP router via ethernet0/0 (the SSG's external interface), and then modify the 0.0.0.0 route to use our main site firewall via tunnel.1 (the VPN tunnel).

Not sure I've explained that so well but is my understanding correct?

Thanks