Internet Access from remote Branch

optimusprime90
Level 1

Hi Dears,

We have a remote branch connected to HQ via MPLS, and an IPSEC-GRE tunnel is configured on Cisco routers at both ends. Both sites have separate DIAS internet links. Now I am looking to let one VLAN subnet from HQ use the internet via the remote branch internet connection, and stop this VLAN from using the local HQ internet connection.

Unfortunately, without "seeing" all the configurations, including the static route you added, I cannot suggest why it doesn't work.

Have you tried something like a traceroute from the special HQ VLAN to the special web site to "see" the path being used?

Yes, I did tracert from the source machine; it's reaching the gateway and just dropping there. However, from the gateway, which is the firewall, it should go to the IPsec router.
I am copying the static routes and tunnel config which we have currently.

ip nat inside source list 10 interface Vlan300 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.x --> public internet IP of HQ
ip route x.x.x.x 255.255.255.252 y.y.y.y (x is mpls ip of remote branch and y is mpls IP of HQ)

IPSEC Tunnel:

interface Tunnel400
ip address 172.16.80.12 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication xxxxxx
ip nhrp map multicast dynamic
ip nhrp network-id 400
ip tcp adjust-mss 1360
ip ospf network broadcast
ip ospf priority 255
keepalive 3 3
tunnel source Vlan400
tunnel mode gre multipoint
tunnel key 400
tunnel protection ipsec profile MAT-PRO

". . . it's reaching the gateway and just dropping there, however from the gateway which is the firewall . . ."

Will the FW allow traceroute replies?

As to your route statement, where you want it to go, from HQ's IPSec router, is to the inside interface of the branch Internet router.  Basically, once it gets to the branch, you want it to follow branch's default to the Internet.  When traffic returns to the branch, you want it to come back to the HQ.

What's also important is how the branch is configured with routing and branch FW rules. Keep in mind that the branch setup may not be configured to support the HQ traffic we're directing to the Internet via the branch.

Again, conceptually, this should work, but much depends on your overall configurations.

Basically, what I've suggested is a subset of what the others were suggesting, i.e. redirecting the HQ special subnet's default route to the branch. That too could work, but since you noted it's only one web site, I couldn't see why you should need to send all that special HQ VLAN's Internet traffic via the branch.

Hi Dear,

We can configure one subnet of HQ to route to the remote branch; in my case let's say it's 10.12.101.0/24, and I am making a default route for this subnet.

What you've just described, I believe, is source routing which normally might be done using PBR.

Could PBR work?  I believe it can, but I also believe just redirecting for the one web address is a "better" approach.

I did not try PBR yet, but I configured one static route in the HQ MPLS router to route traffic to the branch MPLS router, and one static route in the branch MPLS router to route traffic to the branch firewall. After that, when I do tracert from an HQ PC, traffic goes from HQ to the branch MPLS router, from there to the branch firewall and then to the branch internet router, which is good as it should be like this. But the problem now is it's getting dropped at the branch internet router; however, it should go to the internet via the ISP which is directly connected to that internet router.

What you describe, sounds fine from an outbound routing perspective, but since the branch Internet router does NAT for the branch, could the source IP be unknown for return traffic, either on the NAT router or getting back to HQ?

It would be helpful if you could show the network topology.

If it drops at the firewall, then make sure the FW allows this subnet to go out to the internet.

Wizard4777
Level 1

Set the default route for that subnet to the interface or IP pointing to the remote branch, then use PBR to fine tune.

optimusprime90
Level 1

I did NAT at the branch internet router and it worked. Thanks everyone for all of your inputs.

In an earlier reply to me, you already noted you were doing NAT on your branch Internet router. So, some NAT configuration change? If so, could you describe the change?

I had to add a new source address entry for this traffic into the NAT ACL.
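The fix described across the replies above (host route from HQ to the branch, route back to the HQ subnet, and the HQ subnet added to the branch NAT source list), written out as an added IOS example; this is not the poster's configuration. The web IP, MPLS peer addresses, branch LAN range, ACL/route-map names and interface names are placeholders standing in for the thread's x.x.x.x / y.y.y.y; only 10.12.101.0/24 comes from the thread.

```cisco
! --- HQ IPsec/MPLS router -------------------------------------------
! Send only the one problematic web IP (placeholder 203.0.113.50) toward
! the branch MPLS peer (placeholder 192.0.2.2 for the thread's x.x.x.x)
! instead of following HQ's default route to its own ISP.
ip route 203.0.113.50 255.255.255.255 192.0.2.2
!
! --- Branch MPLS router ---------------------------------------------
! Hand that host route to the branch firewall's inside address
! (placeholder 10.20.0.1) so it follows the branch default to the ISP.
ip route 203.0.113.50 255.255.255.255 10.20.0.1
! Return path: the branch must know how to reach the HQ source subnet,
! or replies are black-holed even though the outbound trace looks good.
! 192.0.2.1 stands in for the thread's y.y.y.y (HQ MPLS IP).
ip route 10.12.101.0 255.255.255.0 192.0.2.1
!
! --- Branch Internet router -----------------------------------------
! If the NAT source list only covers the branch LAN (placeholder
! 10.20.0.0/16), HQ-sourced packets are routed but never translated and
! the ISP discards the private source. Adding the HQ subnet is the change
! the original poster reported; list name and outside interface assumed.
ip access-list standard NAT-SOURCES
 permit 10.20.0.0 0.0.255.255
 permit 10.12.101.0 0.0.0.255
ip nat inside source list NAT-SOURCES interface GigabitEthernet0/0 overload
! The branch firewall must also permit 10.12.101.0/24 outbound (syntax
! depends on the firewall vendor, so it is not shown here).
!
! --- Alternative raised in the thread: PBR for the whole subnet ------
! Applied on the HQ router's VLAN interface (Vlan101 assumed), this steers
! all Internet-bound traffic from 10.12.101.0/24 to the branch, not just
! one web IP. Internal destinations are denied first so they still use
! normal routing across the tunnel.
ip access-list extended HQ-SUBNET-VIA-BRANCH
 deny   ip 10.12.101.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.12.101.0 0.0.0.255 any
route-map HQ-SUBNET-VIA-BRANCH permit 10
 match ip address HQ-SUBNET-VIA-BRANCH
 set ip next-hop 192.0.2.2
interface Vlan101
 ip policy route-map HQ-SUBNET-VIA-BRANCH
```

With the PBR variant the same return route and NAT entry on the branch side are still required; `show route-map` and `show ip nat translations` on the respective routers confirm that packets are matched and translated rather than silently dropped.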

Okay, so to confirm, you just routed, from HQ, the one problematic web IP via the branch and updated the branch FW to allow the special HQ network, correct? (I ask because it's always good to know whether suggestions made actually worked; it also bolsters confidence that the same suggestions might be good to offer to others in the future.)

BTW, regardless of the actual workaround approach which got your problem resolved, I would suggest still trying to determine why the one web site doesn't work from HQ. Once you know the actual cause, you might then be able to actually correct the issue or use an even better mitigation approach. Even if you cannot resolve the actual issue or find a better approach, knowing the actual root cause of the issue may avoid bumping into the same issue in the future.