I have a 2811 with two f/e's, and 2 WAN circuits: 1 for public internet (s0), and one for private WAN connections (s1). f0/0 has a public IP that connects directly into a firewall. The firewall has a DMZ for a web server. I plan to have the private, protected side LAN connected on f0/1. I need all traffic (f0/1 and s1) bound for the internet (s0) to go through the firewall and then to f0/0 and s0, not be routed directly to s0.
Pretty much, I have the ip route 0.0.0.0 0.0.0.0 pointed to s0, but when I connect the private side to f0/1, this is going to route all internet traffic to s0 without going through the firewall (needed--it is running Websense). Is there a way I can say all private traffic bound with unknown destination, default gateway is the firewall?
Sounds like you really have a tough situation. Any chance you could put a firewall at the other end of the private serial link? While malicious traffic could still hit the router, you could put a firewall to protect the Ethernet side of each LAN and have some protection. Just a thought.