We have one central site and six branch offices.
I can easily configure site-to-site VPN tunnel between HQ and all branches, using split-tunneling, so only LAN-to-LAN connection goes over VPN tunnel.
Now we want to centralized all traffic, including Internet-destined, so all branches will go to internet over our HQ internet links.
At HQ site we have ASA 5510 (which is terminating point for VPN connections), and want to monitor all traffic, using either Websense or CSC module for ASA.
The question is: How to configure this? :)
disable split tunneling and in your crypto acl's use a permit ip x.x.x.x x.x.x.x any statement on the remote.
at hq, the crypto acl will be permit ip any x.x.x.x x.x.x.x.
at HQ, enable the same security permit intra interface feature.