How can I route internet traffic over IPSec point to point?

I have a remote site that connects by IPsec with the end points on a router and an ASA. The connection is working fine and the remote site can access my other networks at the main headquarters. The problem is, currently this remote site is accessing the internet via the same link that is supposed to VPN everything back to headquarters. I need to figure out how to VPN their internet traffic to my main headquarters. There's an iPrism behind the firewall to filter web access, so it seems like I need to point the remote site's default gateway to my routing device that's behind my iPrism?
Also, currently the outside interface on the remote site's router does not have an ACL applied. Can someone suggest what that ACL should look like? Thank you for your help! Here is a sample configuration of the remote site's router:
crypto isakmp policy 20
(encryption parameters here)
crypto isakmp key password address x.x.x.x (Public ASA IP) no-xauth
crypto ipsec transform-set remotesite (encryption parameters here)
crypto ipsec df-bit clear
crypto map Mainsite 1 ipsec-isakmp
 set peer x.x.x.x (Public ASA IP)
 set transform-set remotesite
 match address 100
interface FastEthernet0/0
 description $ETH-LAN$
 ip address 10.1.1.1 255.255.0.0
 ip nbar protocol-discovery
interface FastEthernet0/1
 description ISP Interface
 ip address x.x.x.x (public IP) 255.255.255.0
 crypto map Mainsite
 crypto ipsec df-bit clear
ip route 0.0.0.0 0.0.0.0 x.x.x.x (ISP's default gateway)
access-list 100 remark Access list Mainsite Access
access-list 100 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
and other various headquarter networks...

Hi Mark, you can modify your crypto ACL to permit any any on your remote site, which will make all traffic go through the tunnel. Then on the ASA you need to do hairpinning on the outside interface. This will let users at the remote site access the internet via HQ. But if you do it this way, the internet traffic goes straight to the internet without being filtered by your iPrism.
What I am not sure about is whether there is a way to do it if you want that traffic to be filtered by the iPrism before going out to the internet.
HTH
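
The change suggested in the reply above, together with a restrictive outside ACL of the kind the question asks about, written out as an added sketch that is not from either poster. It assumes ASA 8.3 or later NAT syntax; HQ-CRYPTO-ACL, REMOTE-SITE and ACL number 110 are placeholder names chosen here, and the bracketed addresses stand for the redacted public IPs.

```cisco
! ---------- Remote-site router (IOS) ----------
! Crypto ACL: match everything sourced from the remote LAN instead of
! listing HQ networks one by one. Rewriting ACL 100 while the crypto map
! references it drops the tunnel briefly, so do this in a maintenance window.
no access-list 100
access-list 100 remark All remote-site traffic goes into the tunnel
access-list 100 permit ip 10.1.0.0 0.0.255.255 any
!
! Outside ACL: once all user traffic is tunneled, the ISP interface only
! needs to accept IKE, NAT-T and ESP from the HQ ASA.
access-list 110 remark IPsec from the HQ ASA only
access-list 110 permit udp host <ASA-PUBLIC-IP> host <ROUTER-PUBLIC-IP> eq isakmp
access-list 110 permit udp host <ASA-PUBLIC-IP> host <ROUTER-PUBLIC-IP> eq non500-isakmp
access-list 110 permit esp host <ASA-PUBLIC-IP> host <ROUTER-PUBLIC-IP>
! Older IOS releases check decrypted packets against this ACL a second
! time; if the tunnel comes up but no traffic passes, add a permit for the
! inner traffic (any -> 10.1.0.0 0.0.255.255) above the deny.
access-list 110 deny ip any any log
interface FastEthernet0/1
 ip access-group 110 in
!
! ---------- HQ ASA ----------
! The ASA's crypto ACL for this peer must mirror the router's ACL 100.
access-list HQ-CRYPTO-ACL extended permit ip any 10.1.0.0 255.255.0.0
!
! Hairpinning: allow traffic to enter and leave the same (outside) interface.
same-security-traffic permit intra-interface
!
! PAT the remote LAN to the ASA's outside address for internet-bound flows.
! Traffic that turns around here never reaches the inside network, which is
! why it bypasses the iPrism, as the reply points out.
object network REMOTE-SITE
 subnet 10.1.0.0 255.255.0.0
 nat (outside,outside) dynamic interface
```

After applying it, `show crypto ipsec sa` on the router should list a single SA pair for 10.1.0.0/16 to 0.0.0.0/0, and hits on the `deny ... log` line of ACL 110 show what the outside interface is now dropping.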
