Currently, I work for an agency that is part of a larger organization.
My
particular agency has 11 locations, and we share the same frame relay

cloud with about 70 other activities. As a result, when I browse for
a
specific tree, I have about 70 to choose from. Currently, the routers

serve as DHCP servers, as well.

My remote offices are small (average 3 pc's per site, no servers),
with
about 50 at my primary location (plus all servers). I want to secure
my
servers and regulate internet access for all clients both local and
remote.

My conclusion was to use BorderManager 3.7 to firewall off my primary

location, drop IPX and go with straight TCP (and SLP). Then, I would

implement proxy services and firewalling, install DNS/DHCP services
(for
the main site only), and implement a site to site VPN for my remote
offices. I also intend to ask for ACL's to be set up on the routers
for
added security.

Questions are as follows:

1) Does this set-up make sense?

2) Since the routers are currently acting as DHCP servers as well, I
know
I would need to configure my primary netware server as a DNS/DHCP
server
for my internal network. I guess I could go from the current (for
example) 10.1.1.x (10.1.1.1 is the gateway) to a static public
interface
of 10.1.1.2 and a private interface of 192.168.0.1. I would then use
NAT
on the public interface, with 192.168.0.1 as the gateway.

I just want to make sure that the public address of 10.1.1.2 (my
internal
router interface is 10.1.1.x) is going to get me the correct
communication
with the WAN.

3) I know if I want to allow some of my users to connect from home, I

would need the routers external IP. Would I need the DLCI
information, as
well? In other words, set up a WAN board interface?

Thanks in advance for all of your insights!

Pat B.