I have a customer with three locations; they have 6 routers, two at each site.
We have a Metro-E deployed between the sites for site-to-site without a VPN. We also have a separate Internet connection at each site. The reason they have two routers at each site is because they didn't want an outage if one of the routers quit working.
Cisco Umbrella IPS uses an IPsec tunnel. They want you to direct all Internet traffic through the IPsec tunnel.
I could do this by making the destination address on the IPsec policy 0.0.0.0/0; however, this kills everything. None of my internal routes work.
Any ideas on how to make the traffic go out the IPsec but not kill all of the internal traffic?