Yeah.. you gotta use NAT and do translation on the router.. you can actually do a global PAT, and translate all the users private IP to , say the interface IP address.. This will make sure that the outbound connections are secure, and ip addresses are hidden..
To secure the router overall you can consider enabling auto-secure feature, if you have 12.4 IOS.. this will turn off all unnecessary processes , like http, finger service etc.. you can also put an access-list on the outside interface (connecting to internet) and allow only specific IP addresses.. YOu can block RFC 1918 private ip addresses from outside, as you dont need them.. If you need more security, you can have a dedicated IPS on the outside segment, as the router internal IPS has really less signatures...
Basically you can harden your router, to increase the security on it.. search for router hardening in CCO, and you will find many docs..
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...