I've been told to create an isolated, secure path to the internet from remote sites via a gre tunnel but my designers are rather sketchy on how to do this.
Our current guest internet vlan resides on a pix virtual interface. Our BBSM hands out public class B addresses to guests.
We use 10.x.x.x for internal addressing.
The remote sites are edge routers at the far end of ATM-T1 or bridged DSL curcuits.
I'm supposed to hand out public class B addresses to clients attached to switches or access points at the edge routers.
At the remote end I know I must create another sub-interface/vlan for one end of a gre tunnel. At the core I'm told I'll need to bridge between the head end of the tunnel (private IP/routed vlan) and the guest vlan; public IP space.
Can this be done? Can I have public class B addresses handed out to clients, through a gre tunnel, to the far end of a circuit that routes only our privtate address space?
I feel like I'm swinging at a pinata.