Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How to backhauled internet traffic over IPSec

Hi,

We have one central site and six branch offices.

I can easily configure site-to-site VPN tunnel between HQ and all branches, using split-tunneling, so only LAN-to-LAN connection goes over VPN tunnel.

Now we want to centralized all traffic, including Internet-destined, so all branches will go to internet over our HQ internet links.

At HQ site we have ASA 5510 (which is terminating point for VPN connections), and want to monitor all traffic, using either Websense or CSC module for ASA.

The question is: How to configure this? :)

Best Regards

Branko

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: How to backhauled internet traffic over IPSec

disable split tunneling and in your crypto acl's use a permit ip x.x.x.x x.x.x.x any statement on the remote.

at hq, the crypto acl will be permit ip any x.x.x.x x.x.x.x.

at HQ, enable the same security permit intra interface feature.

2 REPLIES
Gold

Re: How to backhauled internet traffic over IPSec

disable split tunneling and in your crypto acl's use a permit ip x.x.x.x x.x.x.x any statement on the remote.

at hq, the crypto acl will be permit ip any x.x.x.x x.x.x.x.

at HQ, enable the same security permit intra interface feature.

New Member

Re: How to backhauled internet traffic over IPSec

Finally, I tried your sugestion, and with a little configuration changes on ASA (I had already enabled same security feature) it's working now.

Thanks.

280
Views
0
Helpful
2
Replies
CreatePlease to create content