I have a 3015 at our central office with a number of Cisco 800's / 1700's at satellite offices. I've got them up and running with IPSec tunnels using 3DES/SHA and currently pre-shared keys (Thinking about using digi-certs as the number of sites could increase). I've been ploughing through the Safe VPN docco about the question of further security using NIDS and firewalls., and looked at the medium sized scenario.
Has anyone got a similar setup that could enlighten me further on the best way they have found to tighten up security to a safe, but not excessive level ?