354 Views | 0 Helpful | 0 Replies

ACL Mirroring for VPN

Hello

I have 2 ISRs. Site A is located in a country that does not allow VoIP, so I am trying to tunnel that traffic to use my internet connection at Site B. All other non-interesting traffic from Site A should still use Site A's internet connection.

If I am doing this, is there any need to create the inverse ACL on the side that permits VoIP, as I do not want to tunnel my VoIP traffic from Site B back to A?

Here are the relevant bits of config for Site A:


ip nat inside source list Nat_Rules interface GigabitEthernet0/1/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 94.x.x.x
ip scp server enable
!
!
ip access-list extended Nat_Rules
 remark This traffic will be natted
 permit tcp 10.0.22.0 0.0.0.255 eq 443 any
 permit tcp 10.0.22.0 0.0.0.255 eq pop2 any
 permit tcp 10.0.22.0 0.0.0.255 eq pop3 any
 permit tcp 10.0.22.0 0.0.0.255 eq smtp any
 permit tcp 10.0.22.0 0.0.0.255 eq ftp any
 permit tcp 10.0.22.0 0.0.0.255 eq ftp-data any
 permit tcp 10.0.22.0 0.0.0.255 eq www any
ip access-list extended VPN_Rules
 remark This traffic will go through the VPN
 permit tcp 10.0.22.0 0.0.0.255 eq 1935 any
 permit tcp 10.0.22.0 0.0.0.255 range 19302 19309 any
 permit udp 10.0.22.0 0.0.0.255 range 19302 19309 any
 permit udp 10.0.22.0 0.0.0.255 eq 1935 any
!

What would the inverse of this look like for Site B? My NAT for that is currently:

access-list 75 permit 10.0.25.0 0.0.0.255

But I assume this would need some rule changes too?

Sorry if this seems a little vague, but I can try and add more necessary details if requested.
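Before mirroring the two ACLs to Site B, it is worth checking exactly which flows the posted Site A entries match. The script below is an added example, not part of the original post and not Cisco's code: it parses the subset of IOS extended-ACL syntax the post uses (`permit`/`deny`, `any`, `host`, address + wildcard, `eq`, `range`, named ports) and evaluates constructed sample flows against the posted `Nat_Rules` and `VPN_Rules` entries. The point it shows is one a practitioner would want to confirm first: in IOS extended ACL syntax a port operator placed right after the source address/wildcard matches the *source* port, so `permit tcp 10.0.22.0 0.0.0.255 eq 1935 any` only matches packets whose source port is 1935, not client traffic going *to* port 1935. The `ports_as_destination` helper and the 10.0.22.10 / 203.0.113.5 / 198.51.100.1 addresses are assumptions made for the example, not anything stated in the post.

```python
"""Evaluate sample flows against the posted Site A ACLs (added example, not the poster's config)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# IOS well-known port keywords used in the posted ACLs -> IANA port numbers.
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "smtp": 25, "www": 80, "pop2": 109, "pop3": 110}

AddrSpec = Tuple[int, int]            # (network as int, wildcard mask as int); any = (0, 0xFFFFFFFF)
PortSpec = Optional[Tuple[int, int]]  # inclusive (low, high); None = no port operator


@dataclass(frozen=True)
class Ace:
    action: str
    proto: str
    src: AddrSpec
    sport: PortSpec
    dst: AddrSpec
    dport: PortSpec


def _port(tok: str) -> int:
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def _parse_addr(tokens: List[str], i: int) -> Tuple[AddrSpec, int]:
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    net, wild = ipaddress.IPv4Address(tokens[i]), ipaddress.IPv4Address(tokens[i + 1])
    return (int(net), int(wild)), i + 2


def _parse_ports(tokens: List[str], i: int) -> Tuple[PortSpec, int]:
    if i < len(tokens) and tokens[i] == "eq":
        p = _port(tokens[i + 1])
        return (p, p), i + 2
    if i < len(tokens) and tokens[i] == "range":
        return (_port(tokens[i + 1]), _port(tokens[i + 2])), i + 3
    return None, i


def parse_acl(text: str) -> List[Ace]:
    """Parse ACE lines in IOS order: action proto src [ports] dst [ports]. Remarks/headers are skipped."""
    aces = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue
        src, i = _parse_addr(tokens, 2)
        sport, i = _parse_ports(tokens, i)   # operator right after the source = SOURCE port
        dst, i = _parse_addr(tokens, i)
        dport, i = _parse_ports(tokens, i)   # operator after the destination = DESTINATION port
        aces.append(Ace(tokens[0], tokens[1], src, sport, dst, dport))
    return aces


def _addr_match(spec: AddrSpec, ip: str) -> bool:
    net, wild = spec
    care = ~wild & 0xFFFFFFFF  # bits that must match (wildcard 1-bits are ignored)
    return (int(ipaddress.IPv4Address(ip)) & care) == (net & care)


def _port_match(spec: PortSpec, port: int) -> bool:
    return spec is None or spec[0] <= port <= spec[1]


def acl_action(aces: List[Ace], proto: str, src: str, sport: int, dst: str, dport: int) -> str:
    """First-match evaluation with the implicit deny every IOS ACL ends with."""
    for a in aces:
        if a.proto in ("ip", proto) and _addr_match(a.src, src) and _port_match(a.sport, sport) \
                and _addr_match(a.dst, dst) and _port_match(a.dport, dport):
            return a.action
    return "deny"


def classify(acls: Dict[str, List[Ace]], flow: Tuple[str, str, int, str, int]) -> List[str]:
    """Names of the ACLs that permit the flow (proto, src_ip, src_port, dst_ip, dst_port)."""
    return [name for name, aces in acls.items() if acl_action(aces, *flow) == "permit"]


def ports_as_destination(aces: List[Ace]) -> List[Ace]:
    """ASSUMPTION for the example: reinterpret a lone source-port operator as a destination port."""
    return [Ace(a.action, a.proto, a.src, None, a.dst, a.sport) if a.dport is None and a.sport else a
            for a in aces]


# ACE lines copied from the post (headers and remarks omitted; the parser ignores them anyway).
NAT_RULES = """
permit tcp 10.0.22.0 0.0.0.255 eq 443 any
permit tcp 10.0.22.0 0.0.0.255 eq pop2 any
permit tcp 10.0.22.0 0.0.0.255 eq pop3 any
permit tcp 10.0.22.0 0.0.0.255 eq smtp any
permit tcp 10.0.22.0 0.0.0.255 eq ftp any
permit tcp 10.0.22.0 0.0.0.255 eq ftp-data any
permit tcp 10.0.22.0 0.0.0.255 eq www any
"""
VPN_RULES = """
permit tcp 10.0.22.0 0.0.0.255 eq 1935 any
permit tcp 10.0.22.0 0.0.0.255 range 19302 19309 any
permit udp 10.0.22.0 0.0.0.255 range 19302 19309 any
permit udp 10.0.22.0 0.0.0.255 eq 1935 any
"""
POSTED = {"VPN_Rules": parse_acl(VPN_RULES), "Nat_Rules": parse_acl(NAT_RULES)}
DEST_PORT_VARIANT = {name: ports_as_destination(aces) for name, aces in POSTED.items()}

# Constructed sample flows (addresses are documentation/example values, not from the post).
SAMPLE_FLOWS = {
    "client -> RTMP 1935 (ephemeral src port)": ("tcp", "10.0.22.10", 51000, "203.0.113.5", 1935),
    "src port 1935 -> ephemeral dst port":      ("tcp", "10.0.22.10", 1935, "203.0.113.5", 51000),
    "client -> HTTPS 443":                      ("tcp", "10.0.22.10", 52000, "203.0.113.5", 443),
    "media udp 19305 <-> 19305":                ("udp", "10.0.22.10", 19305, "203.0.113.5", 19305),
    "client -> DNS 53":                         ("udp", "10.0.22.10", 50000, "198.51.100.1", 53),
}

if __name__ == "__main__":
    for label, flow in SAMPLE_FLOWS.items():
        print(f"{label:45} posted={classify(POSTED, flow)!s:15} dest-port={classify(DEST_PORT_VARIANT, flow)}")
```

Run as written, the first row shows a client session to port 1935 matching neither posted ACL (source port 51000 is not 1935), while the same session matches `VPN_Rules` once the operator is treated as a destination port; the HTTPS row behaves the same way for `Nat_Rules`. The last row shows that a flow outside both lists is neither translated nor tunnelled by these ACLs. The parser covers only the syntax in the post (no `gt`/`lt`/`neq`, `established` or ICMP types), so extend it before pointing it at a fuller config.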
