How to backhaul internet traffic over IPSec

branko
Level 1

Hi,

We have one central site and six branch offices.

I can easily configure site-to-site VPN tunnels between HQ and all branches, using split-tunneling, so only LAN-to-LAN connections go over the VPN tunnel.

Now we want to centralize all traffic, including Internet-destined, so all branches will go to the internet over our HQ internet links.

At the HQ site we have an ASA 5510 (which is the terminating point for VPN connections), and we want to monitor all traffic, using either Websense or the CSC module for ASA.

The question is: How to configure this? :)

Best Regards

Branko

Accepted Solutions

srue
Level 7

Disable split tunneling, and in your crypto ACLs use a permit ip x.x.x.x x.x.x.x any statement on the remote.

At HQ, the crypto ACL will be permit ip any x.x.x.x x.x.x.x.

At HQ, enable the same-security permit intra-interface feature.

2 Replies

Finally, I tried your suggestion, and with a few small configuration changes on the ASA (I had already enabled the same-security feature), it's working now.

Thanks.
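
The accepted answer's three steps written out as ASA configuration, as an added example that is not part of the original thread. It assumes an ASA at the branch as well; the addresses, ACL names and crypto map name are constructed for illustration.

```cisco
! Constructed addressing: HQ LAN 10.0.0.0/24, branch LAN 10.1.1.0/24.
! HQ-CRYPTO, BRANCH1-CRYPTO and OUTSIDE_MAP are hypothetical names.

! ----- Branch, before: split tunnel, only LAN-to-LAN traffic is encrypted -----
! access-list HQ-CRYPTO extended permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0

! ----- Branch, after: everything sourced from the branch LAN enters the tunnel -----
! Add the new entry first so the ACL never becomes empty, then remove the old one.
access-list HQ-CRYPTO extended permit ip 10.1.1.0 255.255.255.0 any
no access-list HQ-CRYPTO extended permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address HQ-CRYPTO

! ----- HQ ASA: exact mirror of the branch entry (source and destination swapped) -----
! A crypto ACL that does not mirror the peer's makes IPSec SA negotiation fail.
access-list BRANCH1-CRYPTO extended permit ip any 10.1.1.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address BRANCH1-CRYPTO

! Branch Internet traffic is decrypted on the HQ outside interface and leaves
! through that same interface, which the ASA drops unless this is enabled.
same-security-traffic permit intra-interface

! ----- Check on HQ after the tunnel re-establishes -----
! show crypto ipsec sa
!   local ident  (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
!   remote ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
```

Address translation is not shown because its syntax depends on the ASA software version: the branch must not translate tunnel-bound traffic before encryption, and HQ must translate the branch subnet when it exits to the Internet.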