Encrypting all traffic from remote site

renato.berana · ‎12-13-2009

We have a branch office which is connected to our HQ through IPSEC VPN all traffic are encrypted. Clients machine are able to access the resources on the HQ the problem is they are not able to connect to the Internet, as a workaround we configure the browser to use our internal proxy and it works fine. Now my question is how can i make the branch office users to access the internet without using our internal proxy. The configuration are as follows:

Branch office:

Encrypted Traffic: Traffic from 172.17.10.x/24(branch office network) to any

NAT 0: All traffic from 172.17.10.x/24(branch office network) to any

HQ:

Encrypted Traffic: All traffic to 172.17.10.x/24(branch office network)

NAT 0: All traffic to 172.17.10.x/24(branch office network)

acomiskey · ‎12-14-2009

What devices are you talking about? ASA, router etc.

renato.berana · ‎12-14-2009

VPN is terminated on two ASA 5540. I want the branch office users to access the internet using HQ's connection.

acomiskey · ‎12-15-2009

global (outside) 1 interface

nat (outside) 1 172.17.10.0 255.255.255.0

same-security-traffic permit intra-interface