At headquarters, we currently have two routers. One router (2621xm) connects to our MPLS network from Qwest.
We have another 2621 which connects to Qwest for internet (T1 to internet). Our current mpls router does not hit a firewall before going internal. I was told this is ok, since it is private. Our internet router does have a firewall before hitting corporate.
Would it make sense to purchas a 3845 (with multiple WAn interfaces) and replace both the 2621s? Or would it be a security risk. Because if someone popped the 3845, they may have access to the MPLS network?
Please see diagram