Beginner

How to go all traffic to HQ even internet, it's site to site

Hi guys, I am wondering...

How to go all traffic to HQ even internet, it's site to site

I found some answers that say the branch just does routing to HQ.

Another answer says the branch does PAT about the HQ public IP...

I am so confused... what is correct?

Please give me the way.

Thank you

4 REPLIES
VIP Advisor

Re: How to go all traffic to HQ even internet, it's site to site

You need a site-to-site IPsec VPN between HQ and BR. Then you route all
traffic across the tunnel. NATting, etc. will be done at HQ.
Beginner

Re: How to go all traffic to HQ even internet, it's site to site

Thank you for the reply!

So you mean the branch does the route?

Example:

route 0.0.0.0 0.0.0.0  HQ public Ip

Is it correct?

VIP Mentor

Re: How to go all traffic to HQ even internet, it's site to site

As always, there are multiple ways to implement this. If you want least complexity, then go the following way:

  1. Check how your VPN is implemented. If you still use crypto maps, convert your VPN to VTIs. That makes the config much easier.
  2. When your route-based VPN is established, configure your branch-gateway with a static host-route to the HQ-gateway. Probably you have a default-route to the internet. This default route is removed and reconfigured to point to the tunnel-IP of the HQ-router.
  3. On the HQ internet-gateway, make sure that the NAT/PAT-rules also include the branch-networks.
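
The three steps above as a configuration sketch. This is an added example, not posted by anyone in the thread; it assumes Cisco IOS/IOS-XE routers, IKEv2 with a pre-shared key, and constructed addresses, interface names and object names (KR-HQ, IKE-HQ, IPSEC-HQ, NAT-SOURCES). The host route in step 2 is what keeps the router's own encrypted packets to the HQ gateway from following the new default route into the tunnel.

```cisco
! Constructed lab values (RFC 5737 / RFC 1918), not from the thread:
!   HQ WAN 203.0.113.1, branch ISP next hop 198.51.100.1,
!   HQ LAN 10.1.0.0/24, branch LAN 10.2.0.0/24, tunnel 172.16.255.0/30
!
! ===== Branch router =====
! IKEv2 smart defaults supply the proposal, policy and transform set
crypto ikev2 keyring KR-HQ
 peer HQ
  address 203.0.113.1
  pre-shared-key <PLACEHOLDER-PSK>
crypto ikev2 profile IKE-HQ
 match identity remote address 203.0.113.1 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local KR-HQ
crypto ipsec profile IPSEC-HQ
 set ikev2-profile IKE-HQ
! Step 1: route-based VPN (VTI) instead of a crypto map
interface Tunnel0
 ip address 172.16.255.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 203.0.113.1
 tunnel protection ipsec profile IPSEC-HQ
! Step 2: host route keeps the tunnel endpoint reachable via the ISP,
! then the default route moves from the ISP to HQ's tunnel IP
ip route 203.0.113.1 255.255.255.255 198.51.100.1
no ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 0.0.0.0 0.0.0.0 172.16.255.1
!
! ===== HQ router (mirror-image IKEv2/IPsec/Tunnel0 settings omitted) =====
interface Tunnel0
 ip nat inside
interface GigabitEthernet0/1
 description HQ LAN
 ip nat inside
interface GigabitEthernet0/0
 description Internet
 ip nat outside
! Return path to the branch LAN through the tunnel
ip route 10.2.0.0 255.255.255.0 172.16.255.2
! Step 3: PAT rule covers the branch network as well as the HQ LAN
ip access-list standard NAT-SOURCES
 permit 10.1.0.0 0.0.0.255
 permit 10.2.0.0 0.0.0.255
ip nat inside source list NAT-SOURCES interface GigabitEthernet0/0 overload
```

After applying it, `show ip route 0.0.0.0` on the branch should list Tunnel0's peer as the next hop, and `show ip nat translations` on HQ should show entries sourced from the branch LAN.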
Beginner

Re: How to go all traffic to HQ even internet, it's site to site

Thank you for the reply! I will try it as you advise.