I've never encountered this scenario so I am hoping someone can point me in the right direction.
This is the scenario: I have one Cisco 1721 router which has a primary and secondary network setup on F0. There is a T1 connection here which provides an MPLS connection back to the CORP office. The CORP office has an Internet connection via a separate router and 3xT connection.
10.0.43.1 = pri network
10.254.0.1 = sec network
These point to the MPLS network router --> 10.10.0.1 (Cisco 2821) --> 10.10.1.8 = Firewall Device --> Internet
Currently, I would like to separate the two networks onto two separate Cisco routers, both 1721s. So:
10.0.43.1 --> Router 1 --> 10.10.0.1 (Cisco 2821) --> 10.10.1.8 = Firewall Device --> Internet
10.254.0.1 --> Router 2 --> 10.10.0.1 (Cisco 2821) --> 10.10.1.8 = Firewall Device --> Internet
With this scenario, here is what I need to accomplish:
10.0.43.1 is set up with an ACL that only allows certain traffic across the MPLS network, and very few ports are open. Internet access is turned off except for a few IPs which are mandated via the firewall policies on the firewall.
10.254.0.1 will be much less restricted and allow most traffic controlled via firewall policy.
However, there will only be one T1 connection to share between the two. So, how do I accomplish what I need? My logic says that the least restricted router, 10.254.0.1, should be where the T1 comes in, and that router should allow access to the other router for restricted access? Basically, all I need to happen is that 10.254 is least restricted and 10.43 is very restricted via ACL and firewall policy. My confusion is with the MPLS network and where to place the T1.
How can I accomplish this with best practices in mind?
Thanks for the help all!