So basically the only way doing it that you aware of is doing it by putting it as RAP even if it has a private link between both sides
Now my question to you is:
It is not recommend to do that? or its okay if we put it instead of campus bridge to rap split tunneling so the client can use the captive portal and also send that traffic over the internet of the remote branch
Actually the client had those APS on RAP mode but on bridge mode, and tunnel mode for guest
I was telling him that it would be a good idea to change them to campus bridge mode that way he wont have that ipsec overhead on his link....
But now he told me that he doesnt want to bring that internet traffic to the central site... and he would rather send that traffic over the internet traffic of the remote site
Just want to know your humble opinion of what you would advice the client in this situation if he asked you that?
At least i would tell him that you can do what you want but you must stay your APS as Remote APs and keep the ipsec overhead but put those guest VAPS on remote Branch on split tunneling.
The thing is that i cannot tell him how much in BW is that ipsec overhead!