Have you installed routes to those branches, and done NAT?
Assuming it's like this:
internet ---> HQ ---> site1, site2, site3
Routes to create:
default gateway = HQ
interface to HQ gateway = NATed with internal HQ IP addr.
And don't forget to activate that ip_forward thing.
That is it for now.