- Thanks for posting your question on the forum! You opened up a ticket with Adtran Tech Support, and below I am adding what ended up being the solution to this setup:
You may find the following post is closer to what you are trying to set up: Re: using a VPN as a gateway
However, the Central site configuration will differ slightly from the post if the Central site's VPN router also acts as the Central site's internet router:
ip access-list extended VPN-SELECTORS
permit ip any <REMOTE LAN SUBNET>
** NOTE: The ACL VPN-SELECTORS will need to be the ACL that the crypto map references. The ACLs below are needed for the firewall to handle the traffic correctly.
ip access-list extended VPN-TO-REMOTE
permit ip <LOCAL LAN SUBNET> <REMOTE LAN SUBNET>
!
ip access-list extended VPN-FROM-REMOTE
permit ip <REMOTE LAN SUBNET> <LOCAL LAN SUBNET>
!
ip access-list extended VPN-REMOTE-INTERNET
permit ip <REMOTE LAN SUBNET> any
!
ip policy-class PRIVATE
allow list VPN-TO-REMOTE stateless
!
no ip policy-class PUBLIC rpf-check
ip policy-class PUBLIC
allow list VPN-FROM-REMOTE stateless
nat source list VPN-REMOTE-INTERNET address <WAN IP address>
Please do not hesitate to let us know if you have any further questions or issues.
Thanks,
Noor
