Cisco Support Community
New Member

Branch internet traffic thru corporate internet.

Two branches are connected thru site-to-site VPN with corporate office. The requirement is to move all the traffic to corporate office thru tunnel & restrict the internet traffic of branch from corporate security devices. - Pls suggest.

2 REPLIES

Re: Branch internet traffic thru corporate internet.

Configure the branch layer 3 devices with a default route to point to the corporate core security devices.

HTH

New Member

Re: Branch internet traffic thru corporate internet.

You have a couple of items to consider. The VPN termination devices at the remote offices are going to need a way to the Internet to establish the point-to-point tunnel to HQ. If the same device (ASA/PIX, etc...) is the default gateway for the remote office hosts, you are going to need a route out to establish the VPN tunnel. You can create a host route for the HQ public IP (example: 4.4.4.4 255.255.255.255 via next hop router/modem). Then, as Andrew suggested, default route to the corporate security appliance. Another option is to force (AD group policy) your hosts to use a proxy server and route that proxy server through the tunnel to HQ.

HTH,

Shaun
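
The routing layout described in the replies above can be checked offline with a small longest-prefix-match audit. This is an added example, not part of the original posts: the ISP next hop `192.0.2.1`, the `tunnel-to-hq` label, the probe address and the sample tables are constructed, and only the HQ peer `4.4.4.4` comes from the thread.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(prefix), nh) for prefix, nh in routes]
    hits = [h for h in hits if addr in h[0]]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def audit_branch(routes, hq_peer, tunnel, probe="198.51.100.10"):
    """Return a list of findings for a branch routing table.

    peer-via-tunnel : the HQ peer resolves through the tunnel it is meant
                      to build, so the tunnel can never come up.
    local-breakout  : an internet destination leaves via the ISP and never
                      reaches the corporate security devices.
    """
    findings = []
    peer = lookup(routes, hq_peer)
    if peer is None:
        findings.append("no-route-to-peer")
    elif peer[1] == tunnel:
        findings.append("peer-via-tunnel")
    inet = lookup(routes, probe)
    if inet is None or inet[1] != tunnel:
        findings.append("local-breakout")
    return findings

# Constructed sample data (assumptions, apart from the 4.4.4.4 peer).
HQ_PEER = "4.4.4.4"
ISP_GW = "192.0.2.1"
TUNNEL = "tunnel-to-hq"

# Host route for the peer plus default route into the tunnel.
GOOD = [("4.4.4.4/32", ISP_GW), ("0.0.0.0/0", TUNNEL)]
# Default route into the tunnel, host route forgotten.
NO_HOST_ROUTE = [("0.0.0.0/0", TUNNEL)]
# Only corporate prefixes tunnelled; internet goes straight to the ISP.
SPLIT_TUNNEL = [("10.0.0.0/8", TUNNEL), ("0.0.0.0/0", ISP_GW)]

if __name__ == "__main__":
    tables = {"good": GOOD, "no host route": NO_HOST_ROUTE,
              "split tunnel": SPLIT_TUNNEL}
    for name, table in tables.items():
        print(f"{name:14} -> {audit_branch(table, HQ_PEER, TUNNEL) or 'ok'}")
```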
