Sorry to ask this here but I couldn't find a general forum and the users here seem to have good answers to routing questions.
Sorry if this seems basic...here goes.
I have a main office with connection to internet and several branch offices connected to the main office via PTP private line. All branch offices get internet through the main office. I have been given a number of public addresses that I am subnetting so that each branch office can have a /29. Each branch has a need for its own DMZ. I currently am routing this public traffic straight through our central network across the PPP to the branches. Once at the branches the public addresses are on a separate router interface than the private.
My concern is the mixing of public and private traffic on our main office LAN. The public traffic is routed through the same interfaces as the private traffic to get to the branch offices. It's only at the branch that the traffic is separated to 2 interfaces.
Is this a security problem and if so what should I implement? I apologize that I have a mix of equipment so any answers that are Cisco proprietary probably will not help.
If the description is not clear, please let me know.
Thanks
Steve