03-31-2014 06:57 AM
Hello,
My customer has two sites connected with an IPsec tunnel.
Currently all users at all sites browse the internet through a proxy server.
Site A
Cisco ASA 5505
192.168.1.0/24
CryptoMap
access-list S2S extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list S2S extended permit ip 192.168.1.0 255.255.255.0 192.168.8.0 255.255.255.0
Site B
PA200
192.168.0.0/24
192.168.8.0/24
This IPsec tunnel is terminated on the tunnel.1 interface, which is in a zone named S2S
ProxyID
local 192.168.0.0/24 remote 192.168.1.0/24
local 192.168.8.0/24 remote 192.168.1.0/24
My question is: I want to route all traffic from site A (behind the Cisco ASA) through the IPsec tunnel to site B and then to the internet, because I want all traffic to be scanned by the PaloAlto. And I want to get rid of the proxy.
Will it be possible if I just change the:
Cryptomap to:
access-list S2S extended permit ip 192.168.1.0 255.255.255.0 any
PaloAlto ProxyID
local 0.0.0.0/0 remote 192.168.1.0/24
NAT policy
S2S to Outside
Security Policy
Thanks for any advice
Rudolf
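
Added example (not part of the original post and not vendor code): the ASA crypto ACL and the PA200 proxy IDs are the two ends' phase-2 traffic selectors and have to mirror each other, so the change asked about must be made on both peers together. This Python check compares the selectors quoted in the post; the function and variable names are made up for illustration.

```python
import ipaddress
import re

ANY = ipaddress.ip_network("0.0.0.0/0")

def asa_selectors(acl_text):
    """(local, remote) networks from ASA 'permit ip' crypto ACL lines."""
    pairs = set()
    for line in acl_text.strip().splitlines():
        tok = line.split()
        i, nets = tok.index("ip") + 1, []
        while len(nets) < 2:
            if tok[i] == "any":
                nets.append(ANY)
                i += 1
            else:  # network address followed by a dotted netmask
                nets.append(ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"))
                i += 2
        pairs.add(tuple(nets))
    return pairs

def pan_selectors(proxy_text):
    """(local, remote) networks from 'local X remote Y' proxy ID lines."""
    pairs = set()
    for line in proxy_text.strip().splitlines():
        m = re.match(r"\s*local\s+(\S+)\s+remote\s+(\S+)", line)
        pairs.add((ipaddress.ip_network(m[1]), ipaddress.ip_network(m[2])))
    return pairs

def mismatches(acl_text, proxy_text):
    """Return (ASA selectors with no proxy ID, proxy IDs with no ACL line),
    both written from the ASA's point of view as (local, remote)."""
    asa = asa_selectors(acl_text)
    pan = {(remote, local) for local, remote in pan_selectors(proxy_text)}
    fmt = lambda s: sorted((str(a), str(b)) for a, b in s)
    return fmt(asa - pan), fmt(pan - asa)

# Selectors copied from the post: current and proposed configuration.
CURRENT_ACL = """
access-list S2S extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list S2S extended permit ip 192.168.1.0 255.255.255.0 192.168.8.0 255.255.255.0
"""
CURRENT_PROXY = """
local 192.168.0.0/24 remote 192.168.1.0/24
local 192.168.8.0/24 remote 192.168.1.0/24
"""
PROPOSED_ACL = "access-list S2S extended permit ip 192.168.1.0 255.255.255.0 any"
PROPOSED_PROXY = "local 0.0.0.0/0 remote 192.168.1.0/24"

if __name__ == "__main__":
    print(mismatches(PROPOSED_ACL, CURRENT_PROXY))  # only one side changed
```

Both returned lists are empty when the two ends agree; changing only the ASA side leaves one unmatched selector on the ASA and two on the PA200.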