Route Internet traffic over IPsec connection

  • I have two sites (remote office & HQ).

    I want to route remote office Internet traffic over the existing site-to-site IPsec connection and out to the Internet.

    I found this article:

    It basically describes how to do it, almost exactly what we want to do.

    Our existing IPsec works fine for traffic between the remote office and HQ (email, SQL, etc.).

    I altered the existing Phase-2 entry at the remote office, changing the remote subnet from but no luck.

    I did create an outbound NAT rule at HQ to allow any traffic from the remote office to go out over our WAN address at HQ, just like all our normal traffic.

    No luck so far.

    How can I debug this?

