It would seem to be theoretically possible, but have any of you successfully tried to do all this on one router:
1) Internet connection with BGP
2) Firewalling with static and dynamic NAT
3) LAN routing for several internal subnets
4) WAN routing with EIGRP to/from a managed MPLS connection
5) Configuring one subnet to behave as a DMZ
The other alternatives would be to use:
1) internet router -> PIX or ASA -> internal router
2) internet router w/firewalling/nat -> internal router
We already have a 3660 as the internal in place at the location in question and it is doing the LAN/MPLS routing.
So I am looking for opinions as to what the best overall hardware choice would be.
It seems at first look that if all the functions were to be combined on a single router, the config would be rather complex because of all the extra access lists and statements that would have to be added to each subinterface in order to get the firewalling and NAT to work correctly. It might be easier to accidentally break some function with everything being on one box.
Thank you for your comments.