I have a client whose router setup I need to change, and I am trying to figure out the best way around this.
Basically, the company currently has two locations connected to each other by a standard T1 line. The remote location also has a DSL router setup from AT&T. The client wants to set it up so that internet traffic ONLY goes out the DSL router and all other traffic goes out the T1 to the other office. The router has 2 Ethernet ports. The access layer switch is plugged into one of the ports, and the other is currently open and can be configured. The DSL router is plugged into the switch as part of the client's attempt to do it himself.
I was leaning toward setting up the 2nd Ethernet port with a different subnet and hooking the DSL up to that port. That segment would be a private network, and the NAT would most likely take place on the DSL router, since it is a dynamic IP. Then I was thinking access lists on the DSL Ethernet permitting ports 80, 443 and 21 and denying all other traffic going out, and ACLs on the T1 port denying ports 80, 443 and 21 while permitting all other traffic, applied both in and out. I then have two default routes pointing to both the DSL Ethernet port and the Serial port.
I wanted to get opinions on this solution, and to hear whether anyone has set up something similar and what they did, or whether anyone else has a different suggestion.