We're required to follow NIST security policies and P2P circuits do not require encryption/firewall/IPS unless the demarc is not in a secured area. IMO encryption should be enough and a firewall /IPS is not needed (unless you use a FW for encryption).
Well, first of all I'm assuming that the curcuit is to support a connection to another network in your administrative domain (i.e. another one of your companies offices).
It depends on your requirements(including those that come from regulations/expectations/auditors/etc). What kind of traffic will go over the circuit(i.e. how sensitive is it)? Is is already encrypted (depending on where this happens, it can make IDS/IPS superfluous)? I'm not aware of any regulations that specifically require a firewall and/or IDS/IPS or even encryption of sensitive data on "private" networks like frame-relay and point-to-point.
However, if you're in the Pharmaceutical business and you have trade secrets you want to protect, you'd probably at least encrypt (ipsec, whatever) and maybe use IDS/IPS and a firewall. A bank might do the same. If you're selling toys and use the link to upload inventory, then you might not.
IMHO, you should assume that your service provider CAN and regularly DOES see your traffic. That's a problem best solved by encryption, not firewall/IDS/IPS.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...