There are a number of approaches you could use depending on the security requirements and devices you have.
The simplest would be to use acl's to restrict the guest traffic to only be allowed to the ASA which could also be used together with PBR to force traffic to go one way.
Next you could look to implement GRE tunneling between the branch and head office but you would need a router at either end that could support GRE.
In conjunction with GRE you could use vrf-lite which would allow you to keep totally separate routing and forwarding tables within your HQ and branch sites.
And if you wanted you could have a 2nd MPLS VPN for guest access only and map this into your vrf-lite vrf's within your sites.
It really depends on how much effort you want to put in and whether the features such as GRE/Vrf-lite are supported by your devices. Attached is a link to a Cisco design doc for Path Isolation and Virtualisation which goes into some detail about how you can segregate different types of traffic on your network -
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.