Currently our network looks like the attached image (current.jpg)... pretty simple really.
But we are adding capacity from a 1.5Mbs T1 to fiber 10Mbs. The fiber connectivity is delivered via Ethernet, but we are still required to have routing equipment. They deliver the service routed behind our interface (E0 x.x.x.126). We will also be adding several NAT'ed VLANS to the area behind the firewall in the near future.
My initial thought was to use one of the Integrated services routers that has a firewall built in but I am not sure how the firewalling and NAT would work if they are delivering behind our side of the interface. Is it done with virtual interfaces? Would we need to add a switch module to the router? Would we be better off with a more traditional router and a pix?