We have several Cisco 3640 routers in use. Each router has 2 PRI interfaces for ISDN & analog (digital modems) for dial-in connections. Because we only allow VPN connections from the remote users to our network, I have to protect the access router with ACLs allowing only ESP and IPSec/IKE to pass through the router. Configuring the required ACL is not the problem for me. I'd like to set the ACLs on the WAN interfaces of the Cisco 3640. I also have to mention that we use a dialer interface per user. My question is whether I have to set the ACL on the physical E1/PRI interface of the access router or on each dialer interface (ip access-group xxx in). Because we have quite a lot of dialer interfaces in use (>100), it would be easier to set the ACL on the E1/PRI interface, but I'm not sure if this works.
Thanks a lot for any reply.