We currently have a Gigabit SONET ring between several locations. We also filter all traffic through an "outsourced" method and don't have our own internal firewall system. We run through this external provider and use a proxy to access the outside world. They recently opened the necessary ports for us to use VPN for a few (maybe 20) end users to access our internal network.
I have a Cisco PIX 501 and need to use this device to allow users access. It will otherwise NOT be used to filter any internal traffic and the low bandwidth of 100Mbps is very limiting.
We have several Cisco Catalyst L3 4509 switches and the primary network connection is fed directly into this, which is then fed to other 4509's on different floor's of this building.
Our entire network is Gigabit Full-Duplex to every server and desktop.
Where on the network should this be placed to avoid a bottleneck and still grant access to VPN users? Most diagrams I've seen place this device in the center of the network with the internet being on one int, the internal being on another.
Would our best bet be an additional DS0 or 1 circuit with the PIX in between it and our Cat? We still have a few 2600's laying around the basement.