I have a 2811 Router running 12.4.19 with the IOS Firewall feature set. My question is whether to use the CBAC or Zone-based method of deployment. I have 12 VLANs (wired and wireless) off one FE interface that will need a minimum of three different security levels. In addition there two WAN interfaces (T1 primary and ISDN backup). The future plans include replacing the ISDN backup with an GRE IPSEC VPN off the second FE interface and also creating additional security levels within the wired and wireless VLANs.