Branch internet traffic thru corporate internet.

Unanswered Question
Jan 28th, 2009

Two branches are connected thru site-to-site VPN with corporate office. The requirement is to move all the traffic to corporate office thru tunnel & restrict the internet traffic of branch from corporate security devices. - Pls suggest.

netwalkr1 Wed, 01/28/2009 - 09:15

You have a couple of items to consider. The VPN termination devices at the remote offices are going to need a way to the Internet to establish the point-to-point tunnel to HQ. If the same device (ASA/PIX, etc...) is the default gateway for the remote office hosts, you are going to need a route out to establish the VPN tunnel. You can create a host route for the HQ public IP (example: via next hop router/modem. Then, as Andrew suggested, default route to the corporate security appliance. Another option is to force (AD group policy) your hosts to use a proxy server and route that proxy server through the tunnel to HQ.
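The routing design in the reply above (a host route for the HQ peer via the ISP next hop, with everything else defaulted into the tunnel) can be checked with a longest-prefix-match audit. This is an added example, not part of the original thread: the addresses are constructed from documentation ranges, and the `via` labels (`isp`, `tunnel`) are a simplified model of a branch route table, not output from any device.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match, as a router would select a route for dst."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in ipaddress.ip_network(r["prefix"])]
    return max(hits, key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen,
               default=None)

def audit_branch(routes, hq_peer, probes):
    """Return a list of findings; an empty list means the design holds."""
    findings = []
    # 1. The tunnel endpoint itself must be reachable outside the tunnel.
    peer = lookup(routes, hq_peer)
    if peer is None:
        findings.append(f"no route to HQ peer {hq_peer}: tunnel cannot establish")
    elif peer["via"] == "tunnel":
        findings.append(f"HQ peer {hq_peer} routes into the tunnel it must build")
    # 2. Every other destination must go through the tunnel to HQ.
    for dst in probes:
        r = lookup(routes, dst)
        via = r["via"] if r else "no route"
        if via != "tunnel":
            findings.append(f"{dst} leaves via {via}, bypassing HQ inspection")
    return findings

# Constructed sample data (RFC 5737 documentation addresses, hypothetical site).
HQ_PEER = "203.0.113.10"             # HQ public IP (assumed)
PROBES = ["192.0.2.80", "10.0.0.5"]  # an Internet host and an HQ-internal host

# Design from the reply: /32 host route to the peer, default into the tunnel.
FORCED_TUNNEL = [
    {"prefix": "203.0.113.10/32", "via": "isp"},
    {"prefix": "0.0.0.0/0", "via": "tunnel"},
]
# Failure mode: default into the tunnel but no host route for the peer.
NO_HOST_ROUTE = [{"prefix": "0.0.0.0/0", "via": "tunnel"}]
# Split tunnel: only corporate prefixes use the tunnel, Internet exits locally.
SPLIT_TUNNEL = [
    {"prefix": "203.0.113.10/32", "via": "isp"},
    {"prefix": "10.0.0.0/8", "via": "tunnel"},
    {"prefix": "0.0.0.0/0", "via": "isp"},
]

if __name__ == "__main__":
    for name, table in [("forced", FORCED_TUNNEL), ("no-host-route", NO_HOST_ROUTE),
                        ("split", SPLIT_TUNNEL)]:
        print(name, audit_branch(table, HQ_PEER, PROBES) or "OK")
```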