Hello All,

I have the topology below:

What I am trying to do now is a simple point-to-multipoint IPSec Tunnels.

Behind HQ, I will put a server which all three remote sites connect to it .. The WAN, I have no visibility over it. All I have is the public IPs for the four routers. All remote users can communicate with the HQ, but not with eachother since there is nothing in the remote locations to be shared among the others.

All I was able to complete is one site only to communicate with the HQ over IPSec, i.e. Point-to-Point mode.

Can someone guide me on how to make all three "Local Servers" behind REMOTE router to communicate with the HQ to be able to communicate with the server(s) behind the HQ to sync data.

For now, what I have in mind, ACL on all three routers to allow outgoing connections with the Local Servers IPs to the Master Server IP.

How can this be achieved?