Internet Access from remote Branch

optimusprime90
Level 1

Hi Dears,

We have a remote branch connected to HQ via MPLS, and an IPsec-GRE tunnel is configured on Cisco routers on both ends. Both branches have separate DIAS internet links. Now I am looking to let one VLAN subnet from HQ use the internet through the remote branch's internet connection, and to stop this VLAN from using the local HQ internet connection.

Accepted Solution

optimusprime90
Level 1

I did NAT at branch internet router and it worked, thanks everyone for all of your inputs.


32 Replies

@optimusprime90 If so, you need to route the HQ VLAN's internet traffic towards the remote branch via the tunnel and send it out to the internet via the remote branch's internet line. This is about routing and NATting.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

I understand this is about routing and NATing. Can I get help with the config setup, please? I do not want to route the complete HQ internet traffic; I need to route only one subnet (one VLAN).

@optimusprime90 To give more specific support, please share the routing method you are using now (dynamic, static) and some details, then a small network diagram to get an idea of the traffic path and the devices in between the networks.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB


Hello
This can most probably be accomplished with some traffic engineering; however, you don't mention what dynamic routing protocols (if any) you are using.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

optimusprime90
Level 1

Hi, 
The tunnel is set up using a static route. Below is the topology example where we want to route that specific HQ subnet via the branch internet.

 

[Attached image: 12.jpg]

 

Joseph W. Doherty
Hall of Fame

Why do you wish to do this? Reason I ask, it might be somewhat complex to accomplish, easy to inadvertently cause unexpected and undesired surprises in the future, and perhaps there's another easier/better way to accomplish your goal.

One dept in HQ has work on some specific weblinks, and those weblinks are not reachable via the HQ internet due to some internal issues with the ISP and the website owners. That's why we want to redirect the traffic of that department to our branch, so they can work smoothly.

Well, ideally, you would resolve the issue(s) with your HQ ISP and/or the problematic websites' owners.

But, assuming you need to do something right now, where is NAT/PAT performed at HQ and branch?  How many special Internet website IPs is this a problem for?

Any additional routers insider FWs at both sites, especially for VLAN at HQ that needs this treatment?

NAT is configured on our internet router at the remote branch and on the Cisco IPsec router at HQ.
Currently we need access to one website only.

You do port forwarding on the remote router.

As I don't know all your routing topology's specifics, I can only suggest a conceptional approach.

At HQ, add a static route, for the one problematic web site, on the IPSec router, to the internal facing interface IP on the branch Internet router.  This assumes, whether traffic gets to branch via MPLS path or tunnel, branch routing will get that outbound traffic to the branch Internet router.  It also assumes return traffic will be sent back to HQ (via branch).
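A configuration sketch that pairs the static route suggested above with a NAT rule on the branch Internet router, the step the original poster reports as the fix. It is an added example, not configuration posted by anyone in the thread. Every address, interface name and the ACL name `NAT-SOURCES` is an assumed placeholder (HQ VLAN 10.10.50.0/24, branch LAN 10.20.0.0/24, website 203.0.113.10).

```cisco
! ===== HQ IPsec/GRE router =====
! Host route for the one problem website (203.0.113.10 is a placeholder).
! Next hop 10.20.0.1 = inside interface of the branch Internet router (assumed).
! It must already resolve via the tunnel or MPLS path, so this traffic leaves
! HQ on a non-NAT interface and keeps its 10.10.50.x source address.
ip route 203.0.113.10 255.255.255.255 10.20.0.1
!
! ===== Branch Internet router =====
! Return path to the HQ VLAN via the branch tunnel router (10.20.0.2 assumed).
ip route 10.10.50.0 255.255.255.0 10.20.0.2
!
! NAT scope: the branch LAN plus only the one HQ VLAN, not all of HQ.
! Without the second permit line, HQ-sourced packets are forwarded to the ISP
! with private source addresses and no reply ever comes back.
ip access-list standard NAT-SOURCES
 permit 10.20.0.0 0.0.0.255
 permit 10.10.50.0 0.0.0.255
!
interface GigabitEthernet0/1
 description Inside, towards branch LAN and tunnel router
 ip nat inside
!
interface GigabitEthernet0/0
 description Outside, branch Internet link
 ip nat outside
!
ip nat inside source list NAT-SOURCES interface GigabitEthernet0/0 overload
!
! ===== Checks =====
! HQ router:     show ip route 203.0.113.10
! Branch router: show ip nat translations
!                show ip access-lists NAT-SOURCES
```

Keeping the NAT ACL limited to the single HQ subnet stops the branch link from becoming an unplanned egress path for the rest of HQ.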

I did this static route, but it did not work.
